[Scons-dev] script/scons
Jörg Frings-Fürst
debian at jff-webhosting.net
Sat Nov 8 05:42:24 EST 2014
Hello,
from Helmut Grohne <helmut at subdivi.de> I have just get:
> 2. I am very uneasy about the following hunk to script/scons:
>
> | +# - running from source takes priority (since 2.3.2), excluding
> SCONS_LIB_DIR settings
> | +script_path = os.path.abspath(os.path.dirname(__file__))
> | +source_path = os.path.join(script_path, '..', 'engine')
> | +libs.append(source_path)
>
> Importing random python modules from .. is a route to security
> issues. Even if upstream is keen on keeping this hack to make scons
> work better when used from source, the Debian package almost
> certainly should revert it.
Any hints about this?
Thanks
CU
Jörg
--
pgp Fingerprint: 7D13 3C60 0A10 DBE1 51F8 EBCB 422B 44B0 BE58 1B6E
pgp Key: BE581B6E
CAcert Key S/N: 0E:D4:56
Jörg Frings-Fürst
D-54526 Niederkail
Threema: SYR8SJXB
IRC: j_f-f at freenode.net
j_f-f at oftc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <https://pairlist2.pair.net/pipermail/scons-dev/attachments/20141108/71a07ff8/attachment.pgp>
More information about the Scons-dev
mailing list