This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [Patch]: upgrade to automake 1.11.1

On Wed, 31 Mar 2010, Jim Meyering wrote:

> > Checking for world-writable distributed directories might make sense (that
> 
> The net effect (world-writable dist dirs) is not the real risk.
> The risk is that while the tarball is being created, the directories
> being put into it are world writable, and so can potentially
> be made to contain anything.  If you or anyone else then use the

But checking for world-writable directories in the tarball seems like a 
more reliable way of determining whether the build of the tarball was 
exposed to the risk than checking for "make dist" rules that may be dead 
code for any package not using "make dist" to make its releases (while 
failing to check for other packaging scripts, such as that used by GCC, 
that also implement that former requirement of the GNU Coding Standards).

-- 
Joseph S. Myers
joseph@codesourcery.com
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]