Package: debianutils
Version: 5.1-1
Severity: wishlist


Hi.

While I can understand that it's desirable to get rid of custom legacy tools,
this should be more properly documented.

I guess a NEWS.Debian entry and some notes in the next release notes would be
appropriate.


The problems with xsessions have shown that the deprecation warning to stderr
might not have been enough, since the tool might be used in places where that
is never read.


In principle dropping it might be even security relevant, consider some (ab)use
like:
MYBASEDIR=/var/lib/foo  # being readable for anyone but writable only for some user
MYTMPDIR="$MYBASEDIR/$(tempfile -d)"
mkdir -p "$MYTMPDIR"
chown go= "$MYTMPDIR"

Now with tempfile gone and no proper error handling in the above example,
MYTMPDIR would be MYBASEDIR, and possibly sensitive data could end up in it
(now world readable).

Sure, the above would obviously be an abuse of tempfile,... but people might
still do it.
Thus, a big fat warning seems reasonable.


Cheers,
Chris.
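
Added illustration, not part of the original report: the shell sketch below reproduces the failure mode described above, using a constructed, nonexistent command name in place of the removed tool, next to a checked variant built on mktemp -d. The function names and the work.XXXXXXXXXX template are assumptions made for this example.

```shell
#!/bin/sh
# Constructed stand-in for a tool that has been removed from the system.
MISSING_TOOL=tempfile_removed_example

# Unchecked pattern: a missing command yields empty output (status 127),
# so the path collapses to "$base/" and mkdir -p succeeds on the base itself.
unchecked_tmpdir() {
    base=$1
    dir="$base/$("$MISSING_TOOL" 2>/dev/null)"
    mkdir -p "$dir"
    printf '%s\n' "$dir"
}

# Checked pattern: mktemp -d creates a fresh directory with mode 0700, and any
# failure returns non-zero instead of falling through to the base directory.
checked_tmpdir() {
    base=$1
    command -v mktemp >/dev/null 2>&1 || return 1
    dir=$(mktemp -d "$base/work.XXXXXXXXXX") || return 1
    case $dir in
        "$base"/work.?*) [ -d "$dir" ] || return 1 ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$dir"
}

# Run both against a scratch base directory and report where data would land.
compare_patterns() {
    scratch=$(mktemp -d) || return 1
    # "|| true" keeps going if the caller runs under "set -e", which would
    # otherwise abort on the failed substitution (a useful safety net itself).
    u=$(unchecked_tmpdir "$scratch" || true)
    c=$(checked_tmpdir "$scratch") || { rm -rf "$scratch"; return 1; }
    [ "$u" = "$scratch/" ] && echo "unchecked: resolves to the base directory"
    [ "$c" != "$scratch/" ] && echo "checked: private subdirectory ${c##*/}"
    rm -rf "$scratch"
}

compare_patterns
```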
