Re: [PATCH 7/8] Makefile: don't delete dist tarballs directly by name

On 05/11/2020 22:01, Junio C Hamano wrote:
> Ramsay Jones <ramsay@xxxxxxxxxxxxxxxxxxxx> writes:
> 
>> diff --git a/.gitignore b/.gitignore
>> index 6232d33924..425b8cc2a4 100644
>> --- a/.gitignore
>> +++ b/.gitignore
>> @@ -191,6 +191,7 @@
>>  /gitweb/static/gitweb.min.*
>>  /config-list.h
>>  /command-list.h
>> +/dist-tars
>>  *.tar.gz
>>  *.dsc
>>  *.deb
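Review bot: ignoring `/dist-tars` means the list file never shows up in `git status`, so entries that did not come from the build would go unnoticed in a working tree. The `*.tar.gz` pattern just below already covers the tarballs themselves, so this line exists only to hide the new bookkeeping file. If the names to remove can be derived when cleaning rather than stored, no new ignore entry is needed.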
>> diff --git a/Makefile b/Makefile
>> index 90e91a2185..bc9ce28bc3 100644
>> --- a/Makefile
>> +++ b/Makefile
>> @@ -3083,6 +3083,7 @@ dist: git-archive$(X) configure
>>  		--prefix=$(GIT_TARNAME)/ HEAD^{tree} > $(GIT_TARNAME).tar
>>  	@$(RM) -r .dist-tmp-dir
>>  	gzip -f -9 $(GIT_TARNAME).tar
>> +	@echo $(GIT_TARNAME).tar.gz >>dist-tars
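Review bot: the added `@echo $(GIT_TARNAME).tar.gz >>dist-tars` line appends to a plain file at the top of the worktree, and whatever later reads that file to decide what to remove has to trust every line in it, including lines this rule did not write. The consumer is not visible in this hunk, but nothing here constrains the file's content: `>>` keeps entries from earlier runs and from any other writer, and the leading `@` hides the append from the build output. Suggest computing the names to delete at clean time instead of persisting them, or, if the list stays, having the consumer accept only plain basenames of the expected tarball form and ignore everything else.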
> 
> Sorry, but I'd rather not see such a longer-term "list of files
> to be removed" on the filesystem.  This invites attackers to write a
> rogue test addition that writes into ../../dist-tars something like
> "~/.gitconfig" and wait for me to say "make clean".

Yes, that is a reasonable concern. I suppose we could drop the last
two patches then - most of the saving comes from the first four patches
(as you can see from the table in the cover letter).

Also, I had an alternative patch for the last patch, which did away with
the '-include GIT-VERSION-FILE' entirely! (That had treewide implications
that I hadn't sorted through yet).

ATB,
Ramsay Jones
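
The concern in the quoted reply is that a removal list kept on disk is input anyone can write to. As an added example (not part of this thread or of git's Makefile), here is one way a clean step could vet such a list before removing anything; the function names, the `git-*.tar.gz` name pattern and the policy of accepting only plain basenames in the current directory are assumptions.

```shell
# Added example: treat a persistent "files to remove" list as untrusted input.
# Assumed policy (not from the patch): only plain basenames matching
# git-*.tar.gz that are regular, non-symlink files in the current directory.

# Print the entries of list file $1 that pass the policy; report the rest on stderr.
safe_clean_entries() {
    list=$1
    [ -f "$list" ] || return 0
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            '') continue ;;
            */*|.|..|-*|'~'*)
                # path separators, dot entries, option-like names, tilde paths
                echo "refusing suspicious entry: $entry" >&2
                continue ;;
            git-*.tar.gz) ;;
            *)
                echo "refusing unexpected name: $entry" >&2
                continue ;;
        esac
        # Must be a regular file here; a symlink could point outside the tree.
        if [ -f "$entry" ] && [ ! -L "$entry" ]; then
            printf '%s\n' "$entry"
        else
            echo "skipping missing or non-regular entry: $entry" >&2
        fi
    done <"$list"
}

# Remove only the vetted entries, then the list itself.
clean_from_list() {
    safe_clean_entries "$1" | while IFS= read -r f; do
        rm -f -- "$f"
    done
    rm -f -- "$1"
}
```

Rejected lines are reported rather than silently dropped, so a list that contains anything other than tarball names is visible to whoever runs the clean step.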



