| 1 |
On 1/3/20 9:52 AM, Michael Orlitzky wrote: |
| 2 |
> |
| 3 |
> But here we are. Do we make OpenRC Linux-only and steal the fix from |
| 4 |
> systemd? Or pretend to support other operating systems, but leave them |
| 5 |
> insecure? |
| 6 |
> |
| 7 |
|
| 8 |
Or the gripping hand: rewrite opentmpfiles in C, so that it's only as |
| 9 |
insecure as checkpath. |
| 10 |
|
| 11 |
Every option sucks. I was only trying to point out that vanilla-sources |
| 12 |
gets no security support -- security@ has stated this, but it's on a |
| 13 |
private bug, so I won't quote it -- and the risk is more than academic. |
Archives