On Thu, 01 Feb 2018, Daniel Kahn Gillmor wrote:
> "chown -R" and "chmod -R" are very hard to use safely
> some debian maintainer scripts might be tempted to use them to adjust
> file ownership to specific users. however, those scripts are
> vulnerable to attack on kernels that do not have
Only if someone has write access to the directories where chown/chmod
are called... which is generally not the cases for directories that
are modified by maintainer scripts (/var/log/foo, /var/lib/foo).
I'm sorry but this tag is going to generate lots of noise and
unhappiness among maintainers because:
1/ you do not suggest any alternative (how do I fix change
2/ you do not tell them how to ensure that their case is safe or not and
whether they should just override the tag or not.
3/ I expect the false-positive ratio to be very high
Chris, as a lintian maintainer, I would expect you to ensure that
any tag has actionable data and looking at the commit, clearly this
one doesn't have any. There's no indication on how to go forward
to fix this tag.
Please try to be a bit more restrictive in what new tags you are
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/