Quoting Tim Retout (2013-07-22 10:06:56) > On 21 Jul 2013 00:05, "Jonas Smedegaard" <[1][email protected]> wrote: >> As mentioned in my previous reply I am working on getting the proper >> CPAN Data::UUID in Debian, so would be great if you could similarly >> take a look at that. > > I do not trust CPAN's Data::UUID for other reasons - I filed RT bug > #69277 a while ago (symlink attack): > > [3]https://rt.cpan.org/Public/Bug/Display.html?id=69277 > > This was while working on Debian bug #632608: > > [4]http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632608 > > In short, Data::UUID does not work well on multi-user systems. I seem > to recall that every user after the first to use the module will end > up ignoring whatever it was storing in /tmp. I can't see anything in > the changelog that has addressed this.
Arrgh...! You just educated me to inspect bugtrackers more closely: Perhaps if you'd not closed the Debian bug but left open and tagged as wontfix, then I'd noticed it when making a move now - but that doesn't excuse my lack of looking at upstream bugtracker(s - there are more than one!). - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
