| 1 |
On January 3, 2020 9:55:31 AM EST, Michael Orlitzky <mjo@g.o> wrote: |
| 2 |
>On 1/3/20 9:52 AM, Michael Orlitzky wrote: |
| 3 |
>> |
| 4 |
>> But here we are. Do we make OpenRC Linux-only and steal the fix from |
| 5 |
>> systemd? Or pretend to support other operating systems, but leave |
| 6 |
>them |
| 7 |
>> insecure? |
| 8 |
>> |
| 9 |
> |
| 10 |
>Or the gripping hand: rewrite opentmpfiles in C, so that it's only as |
| 11 |
>insecure as checkpath. |
| 12 |
> |
| 13 |
>Every option sucks. I was only trying to point out that vanilla-sources |
| 14 |
>gets no security support -- security@ has stated this, but it's on a |
| 15 |
>private bug, so I won't quote it -- and the risk is more than academic. |
| 16 |
|
| 17 |
This should be known. Security does not support vanilla-sources. This is one reason vanilla-sources are not stabilized. |
| 18 |
|
| 19 |
-- |
| 20 |
Sent from my Android device with K-9 Mail. Please excuse my brevity. |
Archives