On Mon, Jun 5, 2017 at 11:35 PM, Arnaud wrote:

> mentors.debian.net says there's a problem. I'm not sure what's wrong.

Probably due to the old version of uscan it uses.

> The package is now built with `gbp` from a git tag. I guess it fixes the 
> problem.

Please verify that is the case.

> I have no idea where the source images are, when I jumped in PNMixer 
> development there were only the PNG files, and I don't think the XCF files 
> will ever be found.

That is a shame; you might want to mention in the README that the XCF
files were lost so now any modifications will be to the PNG files.

>> Instead of g_spawn_command_line_async() you should use g_spawn_async().
>
> Sorry, disagreeing on this one, g_spawn_command_line_async() is definitely 
> what I want to use, it's the right tool for the job.

Looking more closely it seems I was wrong and the
g_spawn_command_line*() functions are actually safe. I had assumed
they would run the command-line by using the shell, which could mean
shell metacharacter injection attacks.

> And if the implementation is bad and uses too many pid, no worries.

I think you may have misunderstood the point of my blog post, it is
more about shell metacharacter injection attacks.

> Fixed a few things, but there's way too much stuff there, I didn't take time 
> to look through everything. For the next release :)

Please consider running lintian/check-all-the-things/etc as often as
you can (such as before each release or before every commit) and
chipping away at the issues when you have time.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
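The distinction pabs draws above, running a command line through a shell versus exec'ing a pre-split argv, is what makes the g_spawn_* family safe: g_spawn_command_line_async() tokenizes the string with g_shell_parse_argv() and never invokes /bin/sh. The following is an added illustration, not code from the thread or from PNMixer, written in plain POSIX C without GLib; the helper names (capture, echo_via_shell, echo_via_argv) and the constructed input string are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Fork, exec argv directly (no shell involved), capture the child's stdout. */
static ssize_t capture(char *const argv[], char *buf, size_t len)
{
    int fd[2];
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                    /* child: stdout -> pipe, then exec */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        close(fd[1]);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(fd[1]);
    size_t total = 0;
    ssize_t n;
    while (total < len - 1 && (n = read(fd[0], buf + total, len - 1 - total)) > 0)
        total += (size_t)n;
    buf[total] = '\0';
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return (ssize_t)total;
}

/* Risky pattern: untrusted text glued into a string that a shell parses. */
const char *echo_via_shell(const char *user_input)
{
    static char cmd[256], out[256];
    snprintf(cmd, sizeof cmd, "echo %s", user_input);
    char *argv[] = { "sh", "-c", cmd, NULL };
    return capture(argv, out, sizeof out) < 0 ? NULL : out;
}

/* Safe pattern (what g_spawn_async gets from g_shell_parse_argv): the text is
 * one argv element and reaches the program verbatim, metacharacters included. */
const char *echo_via_argv(const char *user_input)
{
    static char out[256];
    char *argv[] = { "echo", (char *)user_input, NULL };
    return capture(argv, out, sizeof out) < 0 ? NULL : out;
}

int main(void)
{
    const char *input = "hello; echo INJECTED";   /* constructed sample input */
    printf("shell: %s", echo_via_shell(input));   /* two lines: hello / INJECTED */
    printf("argv:  %s", echo_via_argv(input));    /* one line, verbatim */
    return 0;
}
```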