On Wed, 07 Mar 2012 at 14:09 +0800, Paul Wise wrote:
> Package: apertium-dbus
> Version: 0.1-1.1
> Severity: normal
> File: /usr/share/apertium/dbus-1/mode.py
> Usertags: cruft tmp
> 
> apertium-dbus sets up debugging output to /tmp/mode.log and then never
> uses it. It should not set up this log file at all if it will not use it.
> 
> In addition, it is very inappropriate to not respect $TMPDIR.
> 
> In addition, it is very inappropriate to put files in /tmp and not clean
> them up.
> 
> In addition, it is very inappropriate to put log files in /tmp/.
> 
> In addition, it is very inappropriate to use predictable filenames
> in /tmp, in this case it doesn't seem to result in any vulnerability
> though since it is opened but never used.
> 
> I guess what I am trying to say is, please drop this code.

Done, commented out.

$ svn commit -m "comment out logging"
Sending        src/mode.py
Transmitting file data .
Committed revision 36524.

Fran
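
Added example, not part of this thread and not apertium-dbus code: a sketch of debug logging that addresses each point in the report, for cases where the log is actually wanted. The `APERTIUM_DBUS_DEBUG` switch and the `open_debug_log` function are hypothetical names chosen for this illustration.

```python
import atexit
import logging
import os
import tempfile


def open_debug_log(name="mode", env=os.environ):
    """Return (logger, path); path is None unless debugging was requested.

    APERTIUM_DBUS_DEBUG is a hypothetical opt-in switch for this example.
    """
    logger = logging.getLogger(name)
    if env.get("APERTIUM_DBUS_DEBUG") != "1":
        # Debugging not requested: create no file at all.
        logger.addHandler(logging.NullHandler())
        return logger, None

    # Respect $TMPDIR, falling back to the platform default.
    tmpdir = env.get("TMPDIR") or tempfile.gettempdir()

    # mkstemp picks a random name and opens it with O_CREAT|O_EXCL and
    # mode 0600, so a file or symlink planted in advance under a guessed
    # name is never opened, and other local users cannot read the log.
    fd, path = tempfile.mkstemp(prefix=name + "-", suffix=".log", dir=tmpdir)
    stream = os.fdopen(fd, "w")
    handler = logging.StreamHandler(stream)
    logger.addHandler(handler)
    logger.setLevel(logging.DEBUG)

    def cleanup():
        # Remove the log on normal interpreter exit instead of leaving cruft.
        logger.removeHandler(handler)
        stream.close()
        try:
            os.unlink(path)
        except FileNotFoundError:
            pass

    atexit.register(cleanup)
    return logger, path
```
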



