Bob,

On 08/09/2024 at 16:28, Bob Friesenhahn via Tiff wrote:
> Use of Sphinx should have been limited to maintainer mode.  While testing here (with Sphinx installed) I see the concerning issue that the Sphinx documentation targets are executed again under 'make install', which is often/normally run as root.  The 'make install' step should only be installing files which were already produced during the 'make' state. It is not clear why 'make install' is re-doing the steps already done by 'make'.
>
> This seems like a security issue.

Sub-optimal: yes. "Security issue": no, unless there would be malicious content in our sphinx setup.

Should be fixed per https://gitlab.com/libtiff/libtiff/-/merge_requests/657. I don't see this as a RC blocker however. We have lived with that since 4.5.0 without the world falling apart.

Even

--
http://www.spatialys.com
My software is free, but my time generally not.

_______________________________________________
Tiff mailing list
Tiff@lists.osgeo.org
https://lists.osgeo.org/mailman/listinfo/tiff
