[Scons-dev] script/scons
Dirk Bächle
tshortik at gmx.de
Sat Nov 8 05:58:22 EST 2014
Hi Jörg,
On 08.11.2014 11:42, Jörg Frings-Fürst wrote:
> Hello,
>
> from Helmut Grohne <helmut at subdivi.de> I have just get:
>
>
> > 2. I am very uneasy about the following hunk to script/scons:
> >
> > | +# - running from source takes priority (since 2.3.2), excluding
> > SCONS_LIB_DIR settings
> > | +script_path = os.path.abspath(os.path.dirname(__file__))
> > | +source_path = os.path.join(script_path, '..', 'engine')
> > | +libs.append(source_path)
> >
> > Importing random python modules from .. is a route to security
> > issues. Even if upstream is keen on keeping this hack to make scons
> > work better when used from source, the Debian package almost
> > certainly should revert it.
>
> Any hints about this?
I fail to see how this affects the integrity and security of a Debian
installation/distribution. When Helmut Grohne says that "the Debian
package almost certainly should revert it." is this based on anything
more than his very personal opinion, and a good portion of FUD?
Best regards,
Dirk
More information about the Scons-dev
mailing list