VB>> frustratingly, I'm not a DD VB>> and Worse. I have an emergency update to TWiki for a security issue that VB>> needs fixing for Lenny, but I have no DD to help me upload it VB>> Anyone here willing to do a quick package upload of TWiki in the next VB>> day? VB> Hi Sven! VB> I would be happy to upload your fix but I disagree with it. As pointed VB> by Olivier at the end of the bug report, /tmp can be flushed at boot or VB> by some cronjobs. Therefore, you cannot ensure that the twiki directory VB> still exists when twiki will be running. Before upload please check that twiki postinst script is save previous twiki session dir (The NEW installation may use any session dirs, upgrade must use directory of twiki-config) see my prevoius mail and (for example) my version of patch :) VB> I cannot give an universal solution, but in Roundcube, we use VB> /var/lib/roundcube/temp and we provide a cron job that will clean it VB> every m days where <m> can be set by the user in /etc/default/roundcube VB> (and I just noticed that this is broken... will upload a fix). This way, VB> we don't fill up /var but we don't rely on anything in /tmp. Moreover, VB> we don't have to handle a complex script in postinst to circumvent VB> symlinks attacks. VB> The problem with webapps is that we don't have a clear policy of what to VB> do. You can just look at other packages, like phpmyadmin, mediawiki, VB> etc. Each attempt to establish a webapps policy seems to be aborted. -- ... mpd is off . ''`. Dmitry E. Oboukhov : :’ : unera@debian.org `. `~’ GPGKey: 1024D / F8E26537 2006-11-21 `- 1B23 D4F8 8EC0 D902 0555 E438 AB8C 00CF F8E2 6537
Attachment:
signature.asc
Description: Digital signature