Hi, On 20/09/16 02:56, salsaman wrote: > first of all, I am the main developer of LiVES. Please cc the address > salsaman+li...@gmail.com <mailto:salsaman%2bli...@gmail.com> to all > future bugs related to LiVES.
You should go to https://tracker.debian.org/pkg/lives and press the Subscribe button in the top right corner and you'll automatically get CCed on all bug reports. > Secondly, there is incorrect information in this bug report. >>> > > You'll see that $curtmpdir is set to /tmp/smogrify, via code such as: > > $handle=$ARGV; > $curtmpdir="$tmpdir/$handle"; > >>> > > In fact $tmpdir is a bit of a misnomer, it points to the LiVES working > directory, which is created for LiVES at install and chosen by the user, > (or a subdirectory of this). $handle is a random number generated for > the clip. So in this case it would be something like > /home/user/livestmp/34736474/ or > /home/user/livestmp/setname/clips/434637826/ I agree that the use of $tmpdir in this case should be fine, though as the other bug report states, ~/livestmp is an annoying name. Probably $XDG_CACHE_HOME/lives would be better. > In fact /tmp is not used at all. > > If there is a genuine problem here I would be happy to correct it. I'm not sure about that though. Briefly looking at smogrify, I think the use of /tmp for these files are still insecure: /tmp/.smogrify.* /tmp/.smogval* /tmp/lives-symlinks/ Thanks, James
Description: OpenPGP digital signature