Hello, from Helmut Grohne <hel...@subdivi.de> I have just get:
> 2. I am very uneasy about the following hunk to script/scons:
>
> | +# - running from source takes priority (since 2.3.2), excluding
> SCONS_LIB_DIR settings
> | +script_path = os.path.abspath(os.path.dirname(__file__))
> | +source_path = os.path.join(script_path, '..', 'engine')
> | +libs.append(source_path)
>
> Importing random python modules from .. is a route to security
> issues. Even if upstream is keen on keeping this hack to make scons
> work better when used from source, the Debian package almost
> certainly should revert it.
Any hints about this?
Thanks
CU
Jörg
--
pgp Fingerprint: 7D13 3C60 0A10 DBE1 51F8 EBCB 422B 44B0 BE58 1B6E
pgp Key: BE581B6E
CAcert Key S/N: 0E:D4:56
Jörg Frings-Fürst
D-54526 Niederkail
Threema: SYR8SJXB
IRC: j_...@freenode.net
j_...@oftc.net
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Scons-dev mailing list Scons-dev@scons.org https://pairlist2.pair.net/mailman/listinfo/scons-dev
