On 20/09/16 02:56, salsaman wrote:
> first of all, I am the main developer of LiVES. Please cc the address
> salsaman+li...@gmail.com to all
> future bugs related to LiVES.

You should go to https://tracker.debian.org/pkg/lives and press the
Subscribe button in the top right corner and you'll automatically get
CCed on all bug reports.

> Secondly, there is incorrect information in this bug report.
> You'll see that $curtmpdir is set to /tmp/smogrify, via code such as:
>         $handle=$ARGV[1];
>         $curtmpdir="$tmpdir/$handle";
> In fact $tmpdir is a bit of a misnomer, it points to the LiVES working
> directory, which is created for LiVES at install and chosen by the user,
> (or a subdirectory of this). $handle is a random number generated for
> the clip. So in this case it would be something like
> /home/user/livestmp/34736474/ or
> /home/user/livestmp/setname/clips/434637826/

I agree that the use of $tmpdir in this case should be fine, though as
the other bug report states, ~/livestmp is an annoying name. Probably
$XDG_CACHE_HOME/lives would be better.

> In fact /tmp is not used at all.
> If there is a genuine problem here I would be happy to correct it.

I'm not sure about that though. Briefly looking at smogrify, I think the
use of /tmp for these files is still insecure:


