
Re: Bug#680484: closed by Andreas Tille <tille@debian.org> (Bug#680484: fixed in scotch 5.1.12b.dfsg-2)



Hi,

On Fri, Apr 05, 2013 at 09:12:31PM +0100, Jonathan Wiltshire wrote:
> > Well, my rationale is this: I assume that the input to those function calls
> > could be untrustworthy, and there is no substitution going on anyway, so
> > changing them to fputs prevents naive future arguments being added opening
> > the way to an abuse of %n in the format string. That's essentially what
> > -Wformat-security is about in any case.

I created the patch *because* I enabled hardening and thus it was
needed.  I guess it does no harm to leave it in (the patch, not the
hardening as it was said by Julian).

> > Though it could also be argued that once released Wheezy isn't going to
> > change anyway, but... personally I'd play it safe.
> > 
> > I don't know Medhi's rationale, he may have a persuasive counter-argument :)
> 
> We had a quick discussion on IRC and it makes little difference one way or
> the other, so feel free to go ahead.

OK, I'll upload to testing including the patch.

Thanks for the advice

     Andreas.

-- 
http://fam-tille.de
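
The kind of change discussed in this thread, as an added example (not the scotch patch, which the message does not quote): a string with no substitutions passed as the format argument, next to the `fputs` form that writes it verbatim. The names `emit_as_format`, `emit_verbatim` and `render` and the sample message are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef int (*emit_fn)(FILE *, const char *);

/* Before: msg is the format string, so any '%' in it is interpreted.
   This is what -Wformat-security reports; the pragmas silence it here
   only so that both forms compile side by side. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int emit_as_format(FILE *out, const char *msg)
{
    return fprintf(out, msg);
}
#pragma GCC diagnostic pop

/* After: no substitution is wanted, so fputs copies the bytes as they are. */
static int emit_verbatim(FILE *out, const char *msg)
{
    return fputs(msg, out) == EOF ? -1 : (int)strlen(msg);
}

/* Run one emitter against a temporary file and read back what it wrote. */
static int render(emit_fn emit, const char *msg, char *buf, size_t n)
{
    FILE *tmp;
    size_t got;

    if (n == 0 || (tmp = tmpfile()) == NULL)
        return -1;
    if (emit(tmp, msg) < 0) {
        fclose(tmp);
        return -1;
    }
    rewind(tmp);
    got = fread(buf, 1, n - 1, tmp);
    buf[got] = '\0';
    fclose(tmp);
    return (int)got;
}

int main(void)
{
    const char *msg = "load 100%% of graph";  /* constructed sample input */
    char a[64], b[64];

    if (render(emit_as_format, msg, a, sizeof a) < 0 ||
        render(emit_verbatim, msg, b, sizeof b) < 0)
        return 1;
    printf("as format: [%s]\nverbatim:  [%s]\n", a, b);
    return 0;
}
```

The sample uses only `%%`, which has defined behaviour; the two outputs differ by one character, which shows the input being parsed as a format in the first form and left alone in the second.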

