Bug#725847: python-pip: DoS by other users on the same system

2014-11-22 Thread Donald Stufft
Just an FYI, I backported this fix to 1.5.6, which should apply pretty easily to the version of pip in testing and unstable. Essentially it will use a random and securely created build directory in most every situation except the one that relies on having a predictable build directory. The patch is

Bug#725847: python-pip: DoS by other users on the same system

2014-11-17 Thread Donald Stufft
I just fixed this in pip’s develop branch. It’s not released yet though, but it will be in pip 6.0. --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

Bug#725847: python-pip: DoS by other users on the same system

2013-10-08 Thread Paul Wise
Package: python-pip
Version: 1.4.1-2
Severity: normal
Tags: security
Usertags: tmp

pip uses a non-random per-user build directory that is in /tmp. This means that any user can prevent any other user from installing packages. There is the --build-directory option to override this but it isn't docum
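
The fix described in this thread (a random, securely created build directory, with a predictable path kept only where something relies on it) can be sketched as follows. This is an added Python example, not pip's code; the `pip-build-<user>` name and every function name here are assumptions made for illustration.

```python
import os
import stat
import tempfile


def legacy_build_dir(tmp_root, username):
    # Constructed name: a fixed, guessable per-user path in a shared temp dir.
    return os.path.join(tmp_root, "pip-build-" + username)


def audit_build_dir(path, expected_uid):
    """Return the reasons why `path` must not be trusted as a build directory."""
    try:
        st = os.lstat(path)  # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return []
    problems = []
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != expected_uid:
        problems.append("owned by uid %d" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group/world writable")
    return problems


def create_build_dir(tmp_root, username=None):
    """Random name by default; a predictable name only if it passes the audit."""
    if username is None:
        # mkdtemp picks an unguessable name and creates it with mode 0700.
        return tempfile.mkdtemp(prefix="pip-build-", dir=tmp_root)
    path = legacy_build_dir(tmp_root, username)
    try:
        os.mkdir(path, 0o700)  # fails if anything already sits at the path
    except FileExistsError:
        pass  # may be ours from an earlier run, or pre-created by someone else
    # Audit whatever is there now, so a directory created by another user
    # before (or while) we ran is rejected instead of silently reused.
    problems = audit_build_dir(path, os.getuid())
    if problems:
        raise PermissionError("%s: %s" % (path, ", ".join(problems)))
    return path
```
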