On Sun, Jun 15, 2014 at 02:49:29PM -0700, David Aguilar wrote:
> I don't think this requires a CVE since it's basically plugging a hole
> that my previous patch introduced by making gitk honor the TMPDIR
> variable; it hasn't strictly been in any release yet.

Yeah, that's not needed, then.  I didn't notice it was the immediately
previous patch.  My bad.

> Hmm.. I guess what I could do is keep the old behavior (having gitk
> ignore TMPDIR) on Windows and only use the new code path on
> non-Windows.
> That seems like it'd be the simplest implementation (no need to check
> versions) and the least harmful to existing users (avoids a tcl
> upgrade or mkdtemp installation for Windows users).

Yeah, that would be the safest bet.  Maybe a comment to that effect
would be appropriate, so that when Tcl gets upgraded, that change can be

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply via email to