On Fri, 2009-01-09 at 10:18 +0100, Philipp Kern wrote: > On Thu, Jan 08, 2009 at 11:20:43PM +0000, Adam D. Barratt wrote: > > The devscripts package in etch has an insecure temporary directory issue > > when signing files which are copied from a remote machine; see #507482. > > > > The security team don't consider this to warrant a DSA - would it be > > suitable for a stable update? I've attached a minimal debdiff. > > Would be acceptable,
Thanks. > but I wonder if the usage of $TEMP_DIR after cd and rm should be quoted? Quoting shouldn't be required around the variable, as the output of mktemp should be sane; I'm happy to add quoting if you'd prefer, however. (To be honest, I don't think any of the quoting around the mktemp call itself is actually required, I just tend to apply belt-and-braces). Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
