Bug#588017: perl: current directory in @INC potentially harmful
Dominic Hargreaves
dom at earth.li
Sun Aug 15 15:24:33 UTC 2010
On Thu, Aug 05, 2010 at 07:58:34AM +0900, Ansgar Burchardt wrote:
> Niko Tyni <ntyni at debian.org> writes:
>
> > While I agree it's potentially harmful, I think fixing it has a very
> > high risk of breaking user scripts. It's definitely not something to do
> > in a stable security update, and I'm not enthusiastic about diverging
> > from upstream at all here.
>
> I agree. This is very likely to break things.
>
> > Ansgar, could you please discuss this upstream on the perl5-porters
> > list?
>
> Just sent a message there [1]. Let's see what they think about this.
Upstream agrees that this isn't readily fixable.
I think this means that a squeeze-ignore tag and/or a severity downgrade
would be appropriate here?
Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the Perl-maintainers
mailing list