On Sun, Jun 15, 2014 at 02:49:29PM -0700, David Aguilar wrote: > I don't think this requires a CVE since it's basically plugging a hole > that my previous patch introduced by making gitk honor the TMPDIR > variable; it hasn't strictly been in any release yet. Yeah, that's not needed, then. I didn't notice it was the immediately previous patch. My bad. > Hmm.. I guess what I could do is keep the old behavior (having gitk > ignore TMPDIR) on Windows and only use the new code path on > non-Windows. > > That seems like it'd be the simplest implementation (no need to check > versions) and the least harmful to existing users (avoids a tcl > upgrade or mkdtemp installation for Windows users). Yeah, that would be the safest bet. Maybe a comment to that effect would be appropriate, so that when Tcl gets upgraded, that change can be removed. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature