Hi Jörg,
On 08.11.2014 11:42, Jörg Frings-Fürst wrote:
Hello,
from Helmut Grohne <[email protected]> I have just got:
> 2. I am very uneasy about the following hunk to script/scons:
>
> | +# - running from source takes priority (since 2.3.2), excluding
> SCONS_LIB_DIR settings
> | +script_path = os.path.abspath(os.path.dirname(__file__))
> | +source_path = os.path.join(script_path, '..', 'engine')
> | +libs.append(source_path)
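Review bot: libs.append(source_path) adds <script dir>/../engine to the library search list unconditionally, with no check that the script is actually running from a source tree. For an installed script the same expression resolves to a sibling of the install directory (for example /usr/engine for a script in /usr/bin), so whatever directory exists there becomes an import location. Consider guarding the append, for instance only when os.path.isdir(source_path) is true and the directory holds the expected engine package, or dropping the hunk from packaged builds. The comment also says running from source "takes priority", while the code appends to libs; if the list is searched in order the two disagree, so the comment or the insertion point should be adjusted to match the intent.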
>
> Importing random python modules from .. is a route to security
> issues. Even if upstream is keen on keeping this hack to make scons
> work better when used from source, the Debian package almost
> certainly should revert it.
Any hints about this?
I fail to see how this affects the integrity and security of a Debian
installation/distribution. When Helmut Grohne says that "the Debian
package almost certainly should revert it." is this based on anything
more than his very personal opinion, and a good portion of FUD?
Best regards,
Dirk
_______________________________________________
Scons-dev mailing list
[email protected]
https://pairlist2.pair.net/mailman/listinfo/scons-dev