My apologies for writing about this. I found one previous thread that mentioned it, but it was working a clock_t problem. Cf., https://lists.gnu.org/archive/html/bug-guile/2011-05/msg00024.html
I'm seeing the following when compiling libguile-2.2.2 from sources. The use of tmpnam caught my eye because I have not seen that warning in years. I thought it went extinct in the early 2000's. At this point it time its probably best to use an equivalent function with better security properties. If an equivalent function with better security properties is not feasible, then I would prefer to remove it all together. Its 2017 and any program calling tmpnam is defective. I'm happy to configure libguile to remove tmpnam and break other libraries. I don't believe its a configuration option at the moment. `./configure --help | egrep 'tmpnam|insecure'` returns 0 hits. I regularly configured OpenSSL with no-ssl2 and no-ssl3 years before OpenSSL made it a default. I was always able to manage without the broken protocols. I promise most users will not miss it. If interested, I'm building GnuTLS from sources, including its dependencies. GnuTLS is high integrity software. Supply chain management kind of dictates it should not be calling a module that provides or uses tmpnam. Jeff ************************************************** $ make V=1 ... .libs/libguile_2.2_la-net_db.o .libs/libguile_2.2_la-socket.o .libs/libguile_2.2_la-regex-posix.o -Wl,--whole-archive ../lib/.libs/libgnu.a -Wl,--no-whole-archive -Wl,-rpath -Wl,/usr/local/lib -lgc -lffi -L/usr/local/lib /usr/local/lib/libunistring.so /usr/local/lib/libiconv.so /usr/local/lib/libgmp.so /usr/lib/x86_64-linux-gnu/libltdl.so -lcrypt -ldl -lpthread -lm -m64 -march=native -Wl,-z -Wl,relro -Wl,--version-script=./libguile.map -m64 -Wl,-rpath -Wl,/usr/local/lib -Wl,-soname -Wl,libguile-2.2.so.1 -o .libs/libguile-2.2.so.1.2.0 .libs/libguile_2.2_la-posix.o: In function `scm_tmpnam': posix.c:(.text+0x2003): warning: the use of `tmpnam' is dangerous, better use `mkstemp' libtool: link: (cd ".libs" && rm -f "libguile-2.2.so.1" && ln -s "libguile-2.2.so.1.2.0" "libguile-2.2.so.1") libtool: link: (cd ".libs" && rm -f "libguile-2.2.so" && ln -s "libguile-2.2.so.1.2.0" "libguile-2.2.so")
