On 10/20/2014 03:23 PM, Alexandre Detiste wrote: > Hi, > > I have already discussed this bug with the two other upstreams: > https://github.com/systemd-cron/systemd-cron/issues/15 > > They don't really want to mess with a setuid C program that is a potential > security hole. > > The easiest to fix this on Debian would be to kindly as the 'cron' maintainers > to generate an extra 'crontab' binary package with only '/usr/bin/crontab' & > the manpage included. > https://github.com/a-detiste/crontab/commit/37ce687a58187d3cce610b28c1fad47854576584 > > I have documented this bug + a workaround in the manpage of the next release: > https://github.com/systemd-cron/systemd-cron/commit/b9f8bc86eb361515089ebbad187aba8a6553033d
Splitting crontab into a separate package would definitely be the way to go IMHO. It's true that we don't really need another implementation, and the proposed work-arounds are not good enough. Did you already ask the cron maintainers if such a patch will be accepted? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
