On Thu, Dec 08, 2016 at 06:24:32PM +0100, Didier 'OdyX' Raboud wrote:
> On Thursday, 8 December 2016, 18:14:12 CET Tollef Fog Heen wrote:
> > Using open like in the code snippet above is pretty much inexcusable in
> > this day and age.
>
> Fair enough, thanks for the explanation.
>
> Ron: could you point us to your report of this problem to the upstream
> bugtracker or list? What was the answer you got?
I didn't audit that code exhaustively when Punit proposed uploading it; there were already enough things obviously wrong with what he was suggesting to go through all of it with a fine-toothed comb to find more before he'd shown any interest in addressing the first lot. But it stood out like a sore thumb when I was fact-checking the answer to Phil's question about the CGI being a hopeless case, to be sure that my answer was as accurate as possible over the range of changes that have happened to it. It certainly seems like something that anyone professing that they should be trusted to maintain this probably should have been looking at when the red flags went up about upstream's idea of what is adequately secure ...

