http://www.openwall.com/lists/oss-security/2016/05/10/5 <-- link to that discussion!
On Wed, May 11, 2016 at 4:55 PM, Russ Allbery <r...@debian.org> wrote: > Daniel Stender <sten...@debian.org> writes: > >> Distributed source control management/revision control system. Known as >> being used for the Linux kernel development before Git was created. The >> now have put the code under the Apache-2.0 license. Maybe some would >> like to use this, so it would do no harm to have it as a Debian package. > > FWIW, there was a fairly entertaining exchange on oss-security earlier > this week in which someone pointed out it was riddled with /tmp > vulnerabilities found with a simple grep, and the author said that no one > had cared because it was only deployed behind firewalls. > > -- > Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> > -- :wq
