Scribit Steve Langasek dies 18/11/2005 hora 18:19: > While it is desirable to have sed preserve EAs and ACLs when used with > -i, I think this severity is overinflated and the security tag is > incorrect.
I won't argue on the severity (I was not really sure which I had to choose), but the bug indeed affects the security of the user's account. > There are lots of ways that one can manage to lose ACLs and EAs on > files using traditional Unix tools; But shouldn't simply *all* problematic packages be filed a security bug? > Given that most users are going to get this wrong when *not* using the > -i option to sed for in-place editing, I don't see any grounds for > treating this as a grave bug. I see this the opposite way: that make the bug and it's little brothers more serious, because it's not isolated... Quickly, Nowhere man -- [EMAIL PROTECTED] OpenPGP 0xD9D50D8A
signature.asc
Description: Digital signature