Comment 6 for bug 2008742

Dan Bungert (dbungert) wrote:

Thanks for the review.

> The cppcheck/coverity result involving the 'va_start()' call with no corresponding 'va_end()' call in common.c be corrected in the code.

Thanks, I will fix this. cppcheck looks trivial to incorporate for future use. Is coverity available somehow if I wanted to run that in the future?

> Is there a reason why the 'iso-menu-session' saves the recovered JSON files in '/tmp'? Could we consider possibly changing the script to have this data be saved in a better location?

Changes here should not be difficult - what would the ideal solution look like to you? Is the concern world visibility on that directory? Maybe a `mktemp -d` with a umask of 077 instead? Something under /run instead of /tmp?

> Is there a reason why we wouldn't be able to use GPG signatures in order to guarantee that the contents of the recovered JSON files are trustworthy? Could we possibly consider using GPG signatures to check that the actual content of the recovered JSON files is trusted, instead of only relying on TLS and hardcoded values only, should there be nothing stopping us from doing so?

Nothing prevents this, so this can be implemented. I will do so.
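
The `mktemp -d` with a umask of 077 option raised in the comment above, as an added example that is not code from this bug or from the project. The function names `make_private_dir` and `save_json` and the `iso-menu.` prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep recovered JSON in a private, unpredictable directory
# instead of a fixed path in world-writable /tmp.
# make_private_dir and save_json are hypothetical helper names.

make_private_dir() {
    # $1: base directory; defaults to $TMPDIR or /tmp (a directory under
    # /run could be passed instead).
    base=${1:-${TMPDIR:-/tmp}}
    (
        umask 077                      # anything created here is owner-only
        mktemp -d "$base/iso-menu.XXXXXXXXXX"
    )
}

save_json() {
    # $1: private directory, $2: plain file name; JSON is read from stdin.
    dir=$1
    name=$2
    case $name in
        ''|*/*|.*)
            echo "refusing file name: $name" >&2
            return 1
            ;;
    esac
    (
        umask 077
        # Write to a temporary file first so a partial download never
        # appears under the final name, then rename it into place.
        tmp=$(mktemp "$dir/.part.XXXXXXXXXX") || exit 1
        cat > "$tmp" && mv "$tmp" "$dir/$name"
    )
}

# Demo with constructed data: create the directory, store one file, clean up.
demo_dir=$(make_private_dir) || exit 1
printf '{"constructed": "sample"}\n' | save_json "$demo_dir" sample.json
ls -la "$demo_dir"
rm -rf "$demo_dir"
```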