From: Peter Stephenson <pws@csr.com>
To: zsh-workers@sunsite.dk
Subject: Re: difflog.pl and "security"
Date: Mon, 3 Dec 2007 10:42:56 +0000 [thread overview]
Message-ID: <20071203104256.09dc9684@news01> (raw)
In-Reply-To: <071202174520.ZM3017@torch.brasslantern.com>
On Sun, 02 Dec 2007 17:45:19 -0800
Bart Schaefer <schaefer@brasslantern.com> wrote:
> On Dec 2, 4:40pm, Clint Adams wrote:
> }
> } There seems to be some excitement[1] about the tempfile handling in
> } difflog.pl.
>
> I'll bet the number of times difflog.pl has been run in the last four
> years, by anyone, could be counted on one hand. Why would Gentoo even
> include it in the packages? It's strictly a tool for those maintaining
> two zsh code branches in parallel.
Yes, I'm more worried about the implication that anything distributed will
be assumed to be robust for any usage. In the usage for which difflog.pl
is supplied, security is not an issue since you're diffing two publicly
available logs. People need to be discouraged from thinking the same
script will work as a heavy-duty tool for logs that might need more
security.
Maybe we should simply leave it out of the distribution (but leave it in
the archive), since it's essentially no use unless you have a CVS tree. It
might be worth adding a new list in .distfiles to indicate this...
It looks like the "distfiles" stuff isn't yet documented, as far as I can
see.
Index: Etc/zsh-development-guide
===================================================================
RCS file: /cvsroot/zsh/zsh/Etc/zsh-development-guide,v
retrieving revision 1.14
diff -u -r1.14 zsh-development-guide
--- Etc/zsh-development-guide 6 Jul 2007 21:52:39 -0000 1.14
+++ Etc/zsh-development-guide 3 Dec 2007 10:39:38 -0000
@@ -826,3 +826,33 @@
zsh The Zsh Development Group (contact: <coordinator@zsh.org>)
Below the top level, naming authority is delegated.
+
+
+Distribution of files
+---------------------
+
+zsh is distributed in two parts: a "src" distribution containing all
+the source files (roughly, but not exactly, corresponding to the CVS
+tree), and a "doc" distribution containing some pre-built files from
+the documentation directory. All the files in the "doc" distribution
+may be generated from files in the "src" distribution with appropriate
+freely available tools.
+
+To indicate which files should be distributed, each directory in the CVS
+tree includes a file .distfiles that sets any number of a set of Bourne
+shell (scalar) parameters. The value of the parameter is expanded as a
+set of standard command line arguments. Basic globbing is allowed in the
+values.
+
+The following parameters are currently used:
+
+- DISTFILES_SRC is a list of files from the directory for the "src"
+ distribution.
+
+- DISTFILES_DOC is a list of files from the directory for the "doc"
+ distribution.
+
+- DISTFILES_NOT is a list of files that will not be included in a
+ distribution, but that need to be present in the CVS tree. This
+ variable is not used by the zsh build process and is present for
+ the convenience of external checks.
Index: Util/.distfiles
===================================================================
RCS file: /cvsroot/zsh/zsh/Util/.distfiles,v
retrieving revision 1.3
diff -u -r1.3 .distfiles
--- Util/.distfiles 19 Mar 2004 10:53:04 -0000 1.3
+++ Util/.distfiles 3 Dec 2007 10:39:39 -0000
@@ -1,5 +1,11 @@
DISTFILES_SRC='
.distfiles
- check_exports difflog.pl helpfiles mkdisttree.sh reporter
+ check_exports
+ helpfiles
+ mkdisttree.sh
preconfig
+ reporter
+'
+DISTFILES_NOT='
+ difflog.pl
'
--
Peter Stephenson <pws@csr.com> Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK Tel: +44 (0)1223 692070
next prev parent reply other threads:[~2007-12-03 10:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-02 21:40 Clint Adams
2007-12-03 1:45 ` Bart Schaefer
2007-12-03 10:42 ` Peter Stephenson [this message]
2007-12-03 16:33 ` Bart Schaefer
2007-12-03 17:36 ` Peter Stephenson
2007-12-03 18:37 ` Bart Schaefer
2007-12-03 21:36 ` Wayne Davison
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20071203104256.09dc9684@news01 \
--to=pws@csr.com \
--cc=zsh-workers@sunsite.dk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).