Source: opentmpfiles Version: 0.3.1-2 Severity: important Tags: upstream wontfix
I happened to notice that opentmpfiles is now unmaintained upstream: > Since systemd-tmpfiles is a single binary which can be compiled and > run without systemd, we have decided to retire this project. For more > information see the related issue[1]. > [1] https://github.com/OpenRC/opentmpfiles/issues/19 If someone wants to maintain a non-systemd implementation of tmpfiles.d in Debian, they should probably either become the upstream maintainer of a fork of opentmpfiles that fixes its RC bugs, or package a different implementation that does not suffer from CVE-2017-18925 (the upstream issue mentions an implementation in Rust, but I don't know whether it's production-ready). systemd/experimental adds a systemd-standalone-tmpfiles binary package that can be used on Linux ports without using systemd as pid 1, although that isn't in unstable yet, and is probably not suitable for kFreeBSD or Hurd. smcv