On 1/3/20 9:52 AM, Michael Orlitzky wrote:
> But here we are. Do we make OpenRC Linux-only and steal the fix from
> systemd? Or pretend to support other operating systems, but leave them
> insecure?

Or the gripping hand: rewrite opentmpfiles in C, so that it's only as
insecure as checkpath.

Every option sucks. I was only trying to point out that vanilla-sources
gets no security support -- security@ has stated this, but it's on a
private bug, so I won't quote it -- and the risk is more than academic.

Reply via email to