On Mon, 6 May 2024 at 16:42, Simon Richter <s...@debian.org> wrote: > > Hi, > > On 5/6/24 19:57, Michael Biebl wrote: > > > Afaik, /var/tmp has never been cleaned up on /boot. > > So I'm not sure what you mean with "no longer"? > > Oof, you're right, it was /tmp, /var/run, /var/lock: > > [ "$VERBOSE" != no ] && echo -n "Cleaning" > [ -d /tmp ] && cleantmp > [ -d /var/run ] && cleanrun > [ -d /var/lock ] && cleanlock > [ "$VERBOSE" != no ] && echo "." > > Would it make sense to make it a bug for a package to use /var/tmp (on > my system, I can see files from audacity and reportbug there) and > declare that this directory is for the use of the sysadmin only?
In general it should be the opposite, it's fine for packages to use /tmp or /var/tmp (using appropriate measures such as random file/dir names to avoid clashes and attacks), as long as it's really for temporary stuff, as in, if they are lost it's not a problem and they are recreated. If you are storing your precious irreplaceable state on /tmp or /var/tmp, then you are doing it wrong (TM). In general it's users who should be careful and know what they are doing, especially due to the world-writable nature of both directories.