Comment 25 for bug 12030

Message-ID: <email address hidden>
Date: Wed, 19 Jan 2005 09:08:38 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: <email address hidden>
Cc: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
Subject: Re: Bug#289560 acknowledged by developer (Bug#289560: fixed in vim 1:6.3-058+1)

--fdj2RfSjLxBAspz7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

> * added a new patch (stolen from Ubuntu) which modifies vimspell.sh and
> tcltags.sh so they use mktemp instead of insecure $$ construction to
> create temporary files (CAN-2005-0069) (closes: #289560)

A few comments and questions regarding this entry:

- the scripts seem to be ancient and no longer supported by either their=20
authors nor vim maintainer and have been removed upstream.

- I understand that Ubuntu's patch might be simpler, but I actually wrote=
=20
the patch based on what's done in vim's tcltutor script. There were some=20
reasons I wrote it which have been disregarded (mostly compatibility=20
reasons for things that don't have mktemp/tempfile)
(I can't find it in Ubuntu's bugzilla 5633 but found it in our BTS #291125)

- no credit is given to me, which I would have appreciated

- Ubuntu's patch for tcltags will remove the temporary file *twice* (once
on exit, once after the trap is called) as the last line of the script has
not been removed (rm $tmp_tagfile) as I did in my patch.

Regards

Javier

--fdj2RfSjLxBAspz7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB7hWGi4sehJTrj0oRAqDnAKC/VNkaR3c53ic2WJvChz1GVEX1JwCeM+8u
BJ2Ur/vRHN1jeh4AirAXiOY=
=fC6E
-----END PGP SIGNATURE-----

--fdj2RfSjLxBAspz7--