Re: Bug#588017: perl: current directory in @INC potentially harmful

To: 588017@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#588017: perl: current directory in @INC potentially harmful
From: Dominic Hargreaves <dom@earth.li>
Date: Sun, 15 Aug 2010 16:24:33 +0100
Message-id: <[🔎] 20100815152433.GK547@urchin.earth.li>
In-reply-to: <87iq3q9e91.fsf@marvin.43-1.org>
References: <20100704051620.4417.21801.reportbug@marvin.43-1.org> <4C30C62B.50602@debian.org> <20100704174732.GG4484@urchin.earth.li> <20100712184734.GE4265@crustynet.org.uk> <20100804120252.GA21395@madeleine.local.invalid> <87iq3q9e91.fsf@marvin.43-1.org>

On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:

> Niko Tyni <ntyni@debian.org> writes:
> 
> > While I agree it's potentially harmful, I think fixing it has a very
> > high risk of breaking user scripts. It's definitely not something to do
> > in a stable security update, and I'm not enthusiastic about diverging
> > from upstream at all here.
> 
> I agree.  This is very likely to break things.
> 
> > Ansgar, could you please discuss this upstream on the perl5-porters
> > list?
> 
> Just sent a message there [1].  Let's see what they think about this.

Upstream agrees that this isn't readily fixable.

I think this means that a squeeze-ignore tag and/or a severity downgrade
would be appropriate here?

Cheers,
Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

Reply to:

Follow-Ups:
- Re: Bug#588017: perl: current directory in @INC potentially harmful
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: Bug#590873: openconnect < 2.25 does not verify SSL server certificates
Next by Date: Re: Freeze exception for inetutils 2:1.8-1
Previous by thread: Re: Bug#590873: openconnect < 2.25 does not verify SSL server certificates
Next by thread: Re: Bug#588017: perl: current directory in @INC potentially harmful
Index(es):
- Date
- Thread