1 |
On 1/3/20 9:52 AM, Michael Orlitzky wrote: |
2 |
> |
3 |
> But here we are. Do we make OpenRC Linux-only and steal the fix from |
4 |
> systemd? Or pretend to support other operating systems, but leave them |
5 |
> insecure? |
6 |
> |
7 |
|
8 |
Or the gripping hand: rewrite opentmpfiles in C, so that it's only as |
9 |
insecure as checkpath. |
10 |
|
11 |
Every option sucks. I was only trying to point out that vanilla-sources |
12 |
gets no security support -- security@ has stated this, but it's on a |
13 |
private bug, so I won't quote it -- and the risk is more than academic. |