Is this warning:
htpasswd.o: In function `main':
/x1/home/chuck/httpd-2.0-nightly/support/htpasswd.c(.text+0xa84): warning: tmpnam() possibly used unsafely; consider using mkstemp()
1) the sort of thing to involve apr in, or
Yes... it has to be portable [although not equally effective on all platforms, that will depend on the API.]
It doesn't seem that big a deal to us so I'd opt for 2) which is at least a bit tighter.
It is... that's why it's been left with the warning rather than easily closing the
warning with option 2 as you suggested. As long as the warning remains,
it's a kick in the pants to push us to do it the right way.
Bill
