Raphael Geissert <[EMAIL PROTECTED]> writes:

> Attached are the following two patches in a git-friendly mbox format:
>
> lintian_enhanced_possibly-insecure-handling-of-tmp-files-in-maintainer-script.patch:
> Requires the tmp dir name to have a name thus reducing the number of
> false positives and allowing to check for = /tmp/foo thus also
> decreasing the number of false negatives (or at least I hope it does).
> It no longer ignores mkdir as it may also suffer from attacks when the
> error is ignored, compacts the mktemp/mkstemp checks and ignores the
> line if $RANDOM is present.

I'm not comfortable with removing mkdir on the grounds that it *might* not
be error-checked. Nearly all maintainer scripts are error-checked, which
makes mkdir safe. This otherwise looks okay, though, so I'll apply it
without that change.

> lintian_maintainer-also-in-uploaders.patch:
> Added to detect situations where the person in the Maintainer field is also
> in Uploaders.

Thanks, applied with some changes to the long tag description and the
addition of the Severity/Certainty tags.

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
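
The disagreement over mkdir above comes down to whether the script stops when mkdir fails. The following is an added example, not part of the original message or of lintian: it runs both patterns inside a private sandbox directory that stands in for /tmp, and the function names and paths are constructed for illustration.

```shell
#!/bin/sh
# Constructed demonstration: a private sandbox stands in for /tmp, and
# "$sandbox/tmp/foo" is a symlink planted before the script runs.

# Pattern the patch description worries about: mkdir's failure is ignored.
unchecked_write() {
    mkdir "$1" 2>/dev/null || true
    echo data > "$1/state"
}

# Pattern the reply describes: the script is error-checked (as under
# `set -e`), so a failed mkdir stops it before anything is written.
checked_write() {
    mkdir "$1" 2>/dev/null || return 1
    echo data > "$1/state"
}

# Runs one pattern against the planted symlink and reports where the
# write ended up: "redirected" (through the symlink) or "refused".
demo() {
    sandbox=$(mktemp -d) || return 2
    mkdir "$sandbox/tmp" "$sandbox/elsewhere"
    ln -s "$sandbox/elsewhere" "$sandbox/tmp/foo"
    # mkdir fails with EEXIST because the name exists, even as a symlink.
    "$1" "$sandbox/tmp/foo" || true
    if [ -e "$sandbox/elsewhere/state" ]; then
        result=redirected
    else
        result=refused
    fi
    rm -rf "$sandbox"
    echo "$result"
}

echo "unchecked mkdir: $(demo unchecked_write)"
echo "checked mkdir:   $(demo checked_write)"
```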

