On 03/28/2013 09:58 AM, Damyan Ivanov wrote: > -=| John Lightsey, 18.05.2011 20:25:09 -0500 |=- >> tags 610384 + wontfix >> thanks >> >> The handling of files in /tmp with Parallel::Forkmanager 0.7.6+ is very >> insecure. >> >> http://rt.cpan.org/Ticket/Display.html?id=68298 > > Dear John, > > It seems to me that the current upstream version (1.03) of > Parallel::ForkManager is better in handling temporary files. Although > all the files still use predictable names, they are all created in > a directory created by File::Temp::tmpdir, which should be safe enough > AIUI. > > Maybe you would consider uploading an updated package? Experimental > should be fine if you don't want to disturb the freeze. > > > As an alternative, in case you don't have time for this package, > I offer to take it over to the pkg-perl team (which you are welcome to > join too). If the Debian Perl team would like to take over the three Perl modules I'm maintaining, please feel free to do so. My git repos for these packages are here: http://nixnuts.net/git/libyaml-tiny-perl.git http://nixnuts.net/git/libfinance-quotehist-perl.git http://nixnuts.net/git/libparallel-forkmanager-perl.git I have the 1.02 version of Parallel::Forkmanager packaged already and have been holding off on an upload due to the release freeze. John
Attachment:
signature.asc
Description: OpenPGP digital signature