Reviewed-by: Jamey Sharp <[email protected]> but there are a few things I'd quibble about. First, of course, the debian/changelog hunk doesn't go upstream. :-) A patch to the upstream repo in git-format-patch format would be easier to apply; see http://wiki.x.org/wiki/Development/Documentation/SubmittingPatches
On Fri, Jul 22, 2011 at 11:18:35PM -0400, Michael Gilbert wrote: > --- xauth-1.0.6.orig/man/xauth.man > +++ xauth-1.0.6/man/xauth.man > @@ -90,6 +90,10 @@ > A protocol name consisting of just a > single period is treated as an abbreviation for \fIMIT-MAGIC-COOKIE-1\fP. > > +WARNING: This usage is considered insecure since the secret magic cookie > +will be displayed in command histories and for example the output of ps. > +One should use the "merge" command (as described below) instead. Pay > +attention to it's warning as well. s/it's/its/ The "add" command is fine when used interactively, surely? This warning only applies to passing a subcommand as command-line arguments to xauth? > .TP 8 > .B "generate \fIdisplayname protocolname\fP \fR[\fPtrusted|untrusted\fR]\fP" > .B \fR[\fPtimeout \fIseconds\fP\fR]\fP \fR[\fPgroup \fIgroup-id\fP\fR]\fP > \fR[\fBdata \fIhexdata\fR] > @@ -155,6 +159,11 @@ > the \fInmerge\fP command is used, the numeric format given in the description > of the \fIextract\fP command is used. If a filename consists of just a > single > dash, the standard input will be read if it hasn't been read before. > + > +WARNING: Be careful with the single dash version as depending on the > +command chain (for example a combination using sudo), the secret key > +could be exposed to prying eyes in command histories and for example > +in the output of ps. > .TP 8 > .B "remove \fIdisplayname\fR..." > Authorization entries matching the specified displays are removed from the > _______________________________________________ > [email protected]: X.Org development > Archives: http://lists.x.org/archives/xorg-devel > Info: http://lists.x.org/mailman/listinfo/xorg-devel
signature.asc
Description: Digital signature
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
