[Debian-science-sagemath] Build-Depends on source itself [libgap-sage]
Paul Wise
pabs at debian.org
Wed Nov 2 04:16:35 UTC 2016
On Wed, Nov 2, 2016 at 11:22 AM, Jerome BENOIT wrote:
> 2] The scripts that modify the original GAP source files is not distributed within
> the libgap upstream source ball, but it is available via the libgap git repository [2] at Bitbucket
> along some documentation for generating our own modified GAP source code. The current Debian source ball
> for libgap is the git repository material (which unmodified contains but obsolete GAP material, version 4.8.3).
One thing I just noticed: Please get libgap upstream to use the Python
subprocess module with shell=False instead of os.system, which is
deprecated and vulnerable to shell meta-character injection.
https://sources.debian.net/src/libgap-sage/4.8.3%2Bg69a66f0%2Bdsx-1/scripts/libGAPify.py/#L465
--
bye,
pabs
https://wiki.debian.org/PaulWise
More information about the Debian-science-sagemath
mailing list