On Fri, Dec 19, 2014 at 11:49:49PM +0100, Martin Carpenter wrote:
> Package: debian-policy
> Severity: important
> Tags: patch
>
> Dear Maintainer,
>
> The existing policy does not specify that the RPATH or RUNPATH (if
> present) should not contain relative paths or paths that traverse
> dangerou
On Sun, 21 Dec 2014, Martin Carpenter wrote:
> > "Packages are not allowed to create *and* execute libraries or executables
> > with unsafe RPATH or RUNPATH at any time, not even during their build
> > process."
>
> But actually "Package maintainers should not make or run dangerous
> stuff"? Agree
On Sat, 2014-12-20 at 02:10 -0200, Henrique de Moraes Holschuh wrote:
> IMHO, the suggested wording does get the point across that whomever wants to
> use RPATH/RUNPATH must be prepared to defend its use with strong technical
> reasons.
Exactly. Without it I was concerned this would tacitly condo
On Fri, 19 Dec 2014, Jonathan Nieder wrote:
> >> 8.7 RUNPATH and RPATH
> >>
> >> Libraries and executables should not define RPATH or RUNPATH unless
> >> absolutely necessary.
>
> This part seems vague to me --- if a project relies on RUNPATH but could
> be modified to avoid relying on it, is toda
Hi,
Martin Carpenter wrote:
>> 8.7 RUNPATH and RPATH
>>
>> Libraries and executables should not define RPATH or RUNPATH unless
>> absolutely necessary.
This part seems vague to me --- if a project relies on RUNPATH but could
be modified to avoid relying on it, is today's use of RUNPATH absolutel
Package: debian-policy
Severity: important
Tags: patch
Dear Maintainer,
The existing policy does not specify that the RPATH or RUNPATH (if
present) should not contain relative paths or paths that traverse
dangerous (eg world writable) directories. There is some discussion
of this on the OSS-secur
6 matches
Mail list logo
