I suspect it's needless defensive programming. ;)
the comment was indeed irrelevant -- if you look at r5027:
http://svn.apache.org/viewvc?view=rev&revision=5027 it includes a change
to Dns.pm as well, so I suspect I accidentally checked in the spamd.raw
change by accident alongside it, and left it as-is, uncommented, once I
realised that.
ok, I've reversed it in trunk; r415638. I can't see any good reason
to do it, either.
--j.
Radoslaw Zielinski writes:
> Hello,
>
> What's the point of of change 5027 [1] to spamd.raw? Consists of:
>
> my ($uid,$gid) = (getpwnam('nobody'))[2,3];
> + $uid =~ /^(\d+)$/ and $uid = $1; # de-taint
> + $gid =~ /^(\d+)$/ and $gid = $1; # de-taint
>
> ...in multiple places. getpwnam output is not tainted.
>
> I suggest backing it out. "$foo =~ /(.*)/ && $foo = $1" wherever
> possible is not the proper use of -T (as proven by bug 4926).
>
> The change is described as "couple of minor tweaks to Net::DNS use2";
> I guess it's a mistake.
>
>
> [1]
> http://svn.apache.org/viewvc/spamassassin/trunk/spamd/spamd.raw?r1=5016&r2=5027
>
> --
> RadosÅaw ZieliÅski <[EMAIL PROTECTED]>
