
Re: [oss-security] CVE id request: mktemp



Hi Thijs,
* Thijs Kinkhorst <thijs@debian.org> [2008-08-19 12:27]:
> On Monday 18 August 2008 22:26, Nico Golde wrote:
> > * Steven M. Christey <coley@linus.mitre.org> [2008-08-18 22:09]:
> > > On Mon, 18 Aug 2008, Nico Golde wrote:
> > > > This is known but as I wrote in the bug report:
> > > > "the file is safely created with O_EXCL and 0600, still
> > > > unsafe if used with -u"
> > >
> > > Given that -u is "unsafe mode" with a disclaimer against race conditions
> > > (at least based on the manpage I looked at), I'm of the mindset that
> > > you'd flag an application for using mktemp -u, but not mktemp itself.
> >
> > Ok fine, makes sense to me.
> 
> Should we remove the mktemp "temp issue" from the tracker or rather mark it as 
> no-dsa or unimportant?

Removed it, I think Steve's suggestion is fine.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
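
The distinction drawn in the thread, as an added example that is not part of the original mail: plain mktemp returns a file that already exists with mode 0600, while mktemp -u returns only a name, so a script using -u has to detect a path that appeared before it opened it. Function names are constructed for this demo, and /tmp (or $TMPDIR) is assumed writable.

```shell
#!/bin/sh
# Added illustration; function names are constructed for this demo.

# Plain mktemp: the file already exists on return, created exclusively
# (O_EXCL) with mode 0600, as quoted from the bug report in the thread.
created_mode() {
    f=$(mktemp) || return 1
    ls -ld "$f" | cut -c1-10     # permission string of the new file
    rm -f "$f"
}

# mktemp -u: only a name is printed, nothing exists at that path yet.
dry_run_state() {
    n=$(mktemp -u) || return 1
    if [ -e "$n" ]; then echo present; else echo absent; fi
}

# A script that takes a -u name and opens it later must cope with the path
# having been created in between. Plain '>' silently reuses an existing file;
# with noclobber (set -C) the shell refuses, so the collision is detected.
open_preexisting() {             # $1: "plain" or "noclobber"
    n=$(mktemp -u) || return 1
    : > "$n"                     # simulate: path created before our open
    if [ "$1" = noclobber ]; then
        ( set -C; echo data > "$n" ) 2>/dev/null && r=opened || r=refused
    else
        ( echo data > "$n" ) 2>/dev/null && r=opened || r=refused
    fi
    rm -f "$n"
    echo "$r"
}

echo "mktemp mode:            $(created_mode)"
echo "mktemp -u path:         $(dry_run_state)"
echo "-u name, plain open:    $(open_preexisting plain)"
echo "-u name, noclobber:     $(open_preexisting noclobber)"
```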
