On Thu, 2021-08-19 at 15:57 +0000, Clint Adams wrote: > Do you have some proposed text? I would be likely to end up with a > 15-page > screed which would be helpful to almost no one.
Well I guess it doesn't make sense to explain the possible awkward security impact in detail. That would at most make sense to somehow "automatically" scan all Debian packages for the use of tempfile. But given that this is probably a very common name, grepping for it may also be useless. So I'd probably simply add a text like: ---- tempfile has been removed and replaced by GNU coreutils’ mktemp (see it’s manpage for different options). Notice that any use of tempfile in scripts or programs must be updated. Failure in doing so, could even have security implications. ---- But I'd also be fine if you just mention that it's gone. And the same perhaps for all other tools that are gone (or once they do). Cheers, Chris.
