List:       binutils
Subject:    Re: [Patch]: upgrade to automake 1.11.1
From:       "Joseph S. Myers" <joseph () codesourcery ! com>
Date:       2010-03-31 20:20:17
Message-ID: Pine.LNX.4.64.1003312016590.30806 () digraph ! polyomino ! org ! uk

On Wed, 31 Mar 2010, Jim Meyering wrote:

> > Checking for world-writable distributed directories might make sense (that
> 
> The net effect (world-writable dist dirs) is not the real risk.
> The risk is that while the tarball is being created, the directories
> being put into it are world writable, and so can potentially
> be made to contain anything.  If you or anyone else then use the

But checking for world-writable directories in the tarball seems like a 
more reliable way of determining whether the build of the tarball was 
exposed to the risk than checking for "make dist" rules that may be dead 
code for any package not using "make dist" to make its releases (while 
failing to check for other packaging scripts, such as that used by GCC, 
that also implement that former requirement of the GNU Coding Standards).

-- 
Joseph S. Myers
joseph@codesourcery.com
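
An added example, not part of the original message or of any project's release tooling: one way to run the check discussed above, listing directory entries in a release tarball whose recorded mode is writable by "other". The function names and the in-memory sample archive are constructed for illustration; a hit means the directory had that mode when it was archived, and says nothing about whether its contents were altered.

```python
import io
import stat
import tarfile


def world_writable_dirs(tar):
    """Return (name, mode) for each directory member writable by 'other'."""
    hits = []
    for member in tar.getmembers():
        # Only directories matter here: the concern is what could be
        # placed into them while the tarball was being assembled.
        if member.isdir() and member.mode & stat.S_IWOTH:
            hits.append((member.name, stat.S_IMODE(member.mode)))
    return hits


def scan(fileobj):
    """Open a (possibly compressed) tarball from a file object and scan it."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        return world_writable_dirs(tar)


def build_sample_tarball():
    """Constructed sample: a 0755 directory, a 0777 directory and a 0666 file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode in (("pkg-1.0", 0o755), ("pkg-1.0/doc", 0o777)):
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE
            info.mode = mode
            tar.addfile(info)
        data = b"sample\n"
        info = tarfile.TarInfo("pkg-1.0/README")
        info.mode = 0o666  # world-writable regular file: not a directory, not reported
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, mode in scan(build_sample_tarball()):
        print(f"{mode:04o} {name}")
```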
