[Please Cc: me on replies.] Dear mentors,
I maintain the package micro-evtd. I am preparing an updated version of my package to fix the serious bug #666218. My sponsor has asked me to seek your feedback on a separate bug that I found in my packaging. While running, micro-evtd periodically writes a status file containing temperature and fan speed information. In the upstream code, this file has a hard-coded location in /tmp. I have fixed bug #513353 (insecure /tmp file creation) in testing, but my fix is buggy in that it results in the status file being created in the same directory where the the daemon's event handler script resides; in Debian, this is /usr/sbin. To sum up: any system that has had version 3.4-1 of micro-evtd installed is likely to contain a status file in /usr/sbin that dpkg doesn't know about, and I'm not sure what the best way to resolve this is. The micro-evtd 3.4-2 package currently available on m.d.n, in its postinst, unconditionally removes the generated file, if it finds it. Before releasing this update I will ensure that the removal only happens when upgrading from 3.4-1. Is this safe to do? Are there other safety measures that I should consider, or is this something I should just notify the administrator about and let them deal with? Thanks, Ryan -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/camxh3qcejgexxomhu--jmkg3nnussnnenny8_+iwwzrk5nl...@mail.gmail.com
