On Tue, Apr 10, 2007 at 10:10:09PM -0400, seth vidal wrote: > On Tue, 2007-04-10 at 21:06 -0500, Michael E Brown wrote: > > On Tue, Apr 10, 2007 at 08:39:25PM -0400, Jeremy Katz wrote: > > > On Tue, 2007-04-10 at 20:20 -0400, seth vidal wrote: > > > > On Wed, 2007-04-11 at 00:43 +0200, Hans-Peter Jansen wrote: > > > > > Am Dienstag, 10. April 2007 07:19 schrieb seth vidal: > > > > > > Tarball: > > > > > > http://linux.duke.edu/yum/download/3.0/yum-3.0.6.tar.gz > > > > > > > > > > Any specific reason, why the tarball contains all those CVS dirs, or > > > > > just > > > > > escaped your notice? > > > > > > > > > It doesn't contain anymore than any other release of yum has. or do you > > > > mean in general, why do we leave the CVS dirs in place? and if so I'd > > > > say you might have a point. :) > > > > > > In fact, what about the following to add a 'make dist' target that does > > > an export off of the tag for the release? > > > > This patch creates a /tmp file vulnerability for anybody making a build, > > where attacker can overrite arbitraary files owned by the person running > > the build. > > but the script runs on my laptop. > > I'm really positive there are no attackers on my laptop. Hell, I'll turn > off wireless to prove it :)
Yeah, but are you the only person who ever makes a yum build? I know I've made a few. -- Michael _______________________________________________ Yum-devel mailing list [email protected] https://lists.dulug.duke.edu/mailman/listinfo/yum-devel
