On 19/03/12 at 11:20 -0700, Don Armstrong wrote: > On Sun, 18 Mar 2012, Lucas Nussbaum wrote: > > Ah, bugs imports have been failing for a few days, with this error > > message: > > > > Environmental variable DEBBUGS_CONFIG_FILE set, and > > /org/bugs.debian.org/etc/config is not owned by the user > > running this script. at > > /org/udd.debian.org/mirrors/bugs.debian.org/perl/Debbugs/Config.pm line 111. > > > debian-debbugs@, what's the reason for the change that introduced that > > check? > > Primarily because you could run code as the user running the script by > setting that variable, and I wanted people to know that's what they > were doing. > > > It's not trivial to work around that in UDD because: > > - DSA does the mirroring for us, so files are owned by 'debbugs-mirror', > > not 'udd' > > - we use the perl modules from the mirror (we don't have our own copy) > > > > How do you recommend we fix this? > > One way would just be to cp /org/bugs/debian.org/etc/config foo; > DEBBUGS_CONFIG_FILE="foo"; blah blah blah; > > another would be to convince me that what I did out of an abundance of > caution wasn't particularly useful (which could be true.)
I kind-of fail to see the point. If I run a script as user 'lucas', I of course expect it to be run as user 'lucas', and I need to trust the code to some level. How is that different with debbugs ? Lucas -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
