[Bug 269203] Re: Please sync safe-rm 0.3-1 (universe) from Debian unstable (main)

[François Marier]

(I'm both the Debian maintainer and upstream for this project)

I believe that the bug that was fixed in 0.3 is quite important. Without
this fix, the protection guaranteed by this package can be much smaller
than what people would expect.

For example, on 0.2, even if you blacklist the file
'/home/username/todo.txt', typing "rm todo.txt" in your home directory
will delete the file.

So technically, this bug doesn't make the package unusable, but it can
be argued that it makes it quite a bit less useful.

Anyways, aside from the debconf translations and the slight alteration
to the package description, the difference between intrepid and Debian
unstable is a one-line fix to /usr/bin/safe-rm:

--- a/safe-rm

+++ b/safe-rm

@@ -131,7 +131,7 @@ for (my $i = 0; $i <= $#ARGV; $i++) {


     # Normalize the pathname

     my $normalized_pathname = $pathname;

-    if ($normalized_pathname =~ m|/|) {

+    if ($normalized_pathname =~ m|/| or -e "$normalized_pathname") {

         # Convert to an absolute path (e.g. remove "..")

         $normalized_pathname = realpath($normalized_pathname);

         $normalized_pathname = $pathname unless $normalized_pathname;


Hence I would highly recommend that this package by synced before intrepid is released.

Francois

-- 
Please sync safe-rm 0.3-1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/269203
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.