> > - There's no danger of a symlink attack or similar with things like > > tmpreaper -- or indeed any need for tmpreaper anymore. You reboot the > > system, and /tmp is clean again, no matter what was there before. This > > is more than just a convenience.
We really ought to fix tmpreaper then, it can be very dangerous to have any race conditions in it. At first glance, it looks like tmpreaper needs a resync it with its upstream to pick up any bug fixes (https://fedorahosted.org/tmpwatch/). Is there any good reason to package a fork instead of working with upstream to merge any functionality introduced in tmpreaper? Paul? What should be the fate of tmpreaper? If you're not maintaining it anymore, can you orphan it at least to make that clear? -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120613125137.gc26...@khazad-dum.debian.net
