Re: Policy Weekly Issue #4/6: Secure maintainer scripts

To: debian-policy@lists.debian.org
Subject: Re: Policy Weekly Issue #4/6: Secure maintainer scripts
From: Guy Maor <maor@ece.utexas.edu>
Date: 07 Dec 1997 23:49:26 -0800
Message-id: <[🔎] 87yb1wqnp5.fsf@1Cust85.max36.los-angeles.ca.ms.uu.net>
In-reply-to: Joey Hess's message of Thu, 23 Oct 1997 18:13:01 -0400
References: <Pine.LNX.3.96.971023225706.17246N-100000@monet> <19971023181301.14530@kite>

Joey Hess <joey@kite.ml.org> writes:

> Christian Schwarz wrote:
> I don't think this is good enough. The point isn't really to do this, it's
> to create files in /tmp in a secure manner.

Uh, yes:

> >      The Debian base distribution provides the `tempfile' utility for
> >      use by scripts for this purpose.

Use of tempfile should be required.

As you already know, there's a new BSD script with does the same thing
as tempfile, but may be more standard.  So hold off on this section of
the policy until I get this new program into debianutils.  After that
we should mandate its use (assuming it has at least tempfile's
capabilities).

I'll keep tempfile in debianutils until nobody uses it though.

Guy

Reply to:

Prev by Date: Re: Policy Weekly Issue #4/1: Bash vs Bourne shell
Next by Date: Re: policy for translated manpages for section 1 ?
Previous by thread: Re: Policy Weekly Issue #4/1: Bash vs Bourne shell
Next by thread: Re: proposed minimum function of /etc/init.d scripts
Index(es):
- Date
- Thread