* Johannes Schauer <j.scha...@email.de>, 2014-07-18, 12:00:
>> But there's a good reason --dry-run is described as “unsafe” in the
>> mktemp manpage.
>
> What is the reason? I thought the reason for it being called "unsafe"
> was that if you use --dry-run first and then create the directory with
> that name yourself then somebody else could hijack that location in the
> meantime.

That's right.

> But this is no problem for this use case.

If an attacker can predict what the victim's $HOME is going to be, they
can overwrite arbitrary files by creating a $HOME/.FontForge/prefs
symlink. More sophisticated attacks might also be possible.

Your d/copyright says:

  Files: *
  Copyright: 2012 WANG Lu <coolwan...@gmail.com>

Shouldn't it be s/WANG Lu/Lu Wang/? The latter seems to be the spelling
used in the code.

More importantly, some files have newer copyright dates. For example,
src/pdf2htmlEX.cc reads:

  // Copyright (C) 2012-2014 Lu Wang <coolwan...@gmail.com>

Please bump date in d/changelog. :-)

From the wishlist department:
You might want to implement DEP-8 tests.

--
Jakub Wilk
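
A race-free way to give a build step a throwaway $HOME, in place of a name obtained from `mktemp --dry-run`. This is an added example, not part of the original message or of the package under review; the function names and the `build-home` template are assumptions.

```shell
#!/bin/sh
# Added example; make_private_home and with_private_home are hypothetical names.
#
# Pattern the thread warns about: `mktemp --dry-run` only prints a name and
# reserves nothing, so whoever creates that path first controls what the
# build later finds under $HOME (for example $HOME/.FontForge/prefs).

# Create the directory atomically. `mktemp -d` performs the mkdir itself,
# fails if the name already exists, and creates it u+rwx minus umask.
make_private_home() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/build-home.XXXXXXXXXX") || return 1
    # Defensive checks: a real directory (not a symlink) that we own.
    if [ -L "$dir" ] || [ ! -d "$dir" ] || [ ! -O "$dir" ]; then
        return 1
    fi
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Run a command with HOME pointing at a fresh private directory, then
# remove the directory and hand back the command's exit status.
with_private_home() {
    home=$(make_private_home) || return 1
    status=0
    (
        HOME=$home
        export HOME
        "$@"
    ) || status=$?
    rm -rf -- "$home"
    return "$status"
}

# Stand-alone demonstration: the child sees a HOME that only we can write to.
with_private_home sh -c 'printf "temporary HOME: %s\n" "$HOME"'
```

In a packaging rule, the tool that writes into $HOME would be the command passed to `with_private_home`.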