[sending reply again, hopefully correct this time]

On Monday 19 October 2015 at 17:52 +0200, Rafael Laboissiere wrote:
> * Sébastien Villemot <sebastien@debian.org> [2015-10-19 15:09]:
>
> > I was just wondering if this change does not introduce a security issue
> > (it is usually considered bad practice to use predictable directories
> > under /tmp, because /tmp is write-all and a malicious user could
> > exploit this). I therefore don't know if it is acceptable to use such a
> > predictable directory under /tmp for building Debian packages.
>
> I think you are right, predictable filenames in /tmp must be avoided in
> the build process. Would it be acceptable to create a build directory in
> /var/cache?

I think this is not acceptable, because the package would only be
buildable as root (while packages are usually built with fakeroot).

--
 .''`.    Sébastien Villemot
: :' :    Debian Developer
`. `'     http://sebastien.villemot.name
  `-      GPG Key: 4096R/381A7594
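An added example, not part of the thread or of any package discussed in it: one way for an unprivileged build to get a scratch directory without a predictable name under /tmp or root-only /var/cache. The function names `make_build_dir` and `is_private_dir` and the `pkgbuild` prefix are hypothetical.

```shell
#!/bin/sh
# Added example. make_build_dir, is_private_dir and the "pkgbuild"
# prefix are hypothetical names chosen for illustration.

# Create a private build directory with an unpredictable name.
make_build_dir() {
    # Honour TMPDIR so the builder can point at a private location.
    base=${TMPDIR:-/tmp}
    # mktemp -d creates the directory atomically with mode 0700 and a
    # random suffix; it fails instead of reusing an existing entry.
    dir=$(mktemp -d "$base/pkgbuild.XXXXXXXXXX") || return 1
    printf '%s\n' "$dir"
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# caller, and not writable by group or others. A fixed path under /tmp
# that already exists can fail any of these checks.
is_private_dir() {
    [ ! -L "$1" ] && [ -d "$1" ] && [ -O "$1" ] || return 1
    # First ten characters of ls -ld, e.g. "drwx------".
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        d????-??-?) return 0 ;;   # group and other write bits are clear
        *)          return 1 ;;
    esac
}

# Usage: create the directory, verify it, remove it when the shell exits.
build_dir=$(make_build_dir) || exit 1
trap 'rm -rf "$build_dir"' EXIT
is_private_dir "$build_dir" && echo "building in $build_dir"
```

Setting `TMPDIR` to a directory only the build user can write to removes the shared /tmp from the picture entirely, and needs no root.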