Severity: critical now that I look at it again,
1- if we don't fix this bug, C-L-C is unusable to whomever doesn't configure asdf-output-translations himself. 2- C-L-C needs to (asdf:clear-output-translations) and (asdf:clear-source-registry) right before it dumps images, for all implementations. 3- This is NOT ENOUGH. Actually using /var/cache/$UID without doing the permission checking, etc., will reopen the security issue with bug 328633. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328633 http://www.debian.org/security/2005/dsa-811 4- There is no "good" place in ASDF currently into which to hook such security checking. Maybe a :before method on perform for compile-op or load-op on systems. Meh. If you have a good idea for an API for that, or want to discuss the issue, please send a message to the asdf-devel mailing-list. 5- Short of including such hook, the "simple" solution is to use ASDF's builtin per-user cache facility, except maybe for the root user. 6- CLC needs to update ASDF to latest, anyway. Sigh. Sorry for the trouble. Getting there. [ François-René ÐVB Rideau | Reflection&Cybernethics | http://fare.tunes.org ] Austrian economics is the second law of thermodynamics to every other economist's perpetual motion machines. — Faré -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
