andpab commented on code in PR #554:
URL: https://github.com/apache/maven-surefire/pull/554#discussion_r1059513138
##########
surefire-api/src/main/java/org/apache/maven/surefire/api/util/TempFileManager.java:
##########
@@ -180,6 +180,8 @@ public synchronized File createTempFile( String prefix,
String suffix )
throw new UncheckedIOException( new IOException(
"Unable to create temporary directory " +
tempDir.getAbsolutePath() ) );
}
+ // try to make temp file directory writable for all
+ tempDir.setWritable( true, false );
Review Comment:
Thanks for the explanation.
I understand the rationale now, but what about the scenario that
`java.io.tmpdir` is set to a user-specific location in an otherwise protected
area? I still think there should be a difference in scrutiny applied between
writing to a destination that is already world-writable by design and
explicitly making the destination world-writable.
How about passing the username through `URLEncoder#encode` instead of
removing special characters? That is guaranteed to create a directory name that
is collision-free and valid on all file systems. It also handles the issue
immediately at the code location where it arises rather than working around it
somewhere else in a manner that is not particularly easy to grasp.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
