On January 3, 2020 9:55:31 AM EST, Michael Orlitzky <mjo@g.o> wrote:
>On 1/3/20 9:52 AM, Michael Orlitzky wrote:
>>
>> But here we are. Do we make OpenRC Linux-only and steal the fix from
>> systemd? Or pretend to support other operating systems, but leave them
>> insecure?
>>
>
>Or the gripping hand: rewrite opentmpfiles in C, so that it's only as
>insecure as checkpath.
>
>Every option sucks. I was only trying to point out that vanilla-sources
>gets no security support -- security@ has stated this, but it's on a
>private bug, so I won't quote it -- and the risk is more than academic.

This should be known. Security does not support vanilla-sources. This is one reason vanilla-sources are not stabilized.

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.