-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/18/2011 07:53 PM, Jonas Smedegaard wrote: > Hi Robin, > > On 11-04-18 at 07:29pm, Robin Gareus wrote: >> I've added config-templates and postinst configuration (passwords, >> hostname, enable-service) to icecast2. > > Nice! > > >> Attached patch applies to revision baf67ba (currently HEAD) on >> http://git.debian.org/?p=pkg-multimedia/icecast2.git >> >> What would be needed to get this into the official icecast2 debian >> package? > > Please open a bugreport against the package and include the patch there.
done. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623256 I inadvertently attached the patch twice (`reportbug` did not list the attachments; so I thought it missing.. sorry). > Also, it seems to me from briefly reading it, that you (briefly) expose > passwords to all local users by printing it as part of an ed command. AFAICT it does not. It's cat << _EOF_ | ed ... So the password is piped to ed and not visible to other process. > That is (if correctly read) a security flaw and should be avoided. > > One way to avoid it is to export the passwords as environment variables > and then run a short perl script which uses those same variables. > > Like this (from a CipUX routine): > > export pw="bla" > > perl -i -pe "s/[ \t]*#([ \t]*password[ \t]*=).*/\$1\$ENV{'pw'}/" file > > > But please, instead of discussing further here, file a bugreport and > let's continue the discussion there :-) sure. It's also not-using-po-debconf for internationalization, yet. Anyway, one step at a time. Cheers! robin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2shiUACgkQeVUk8U+VK0Ko3QCgiMrJbgnY4Go9BO3JafeTF6vQ LDUAoJ5kOTymrxrjOLSz/lSLBNnEyJI/ =9PO7 -----END PGP SIGNATURE----- _______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
