-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is opentmpfiles dead? #19
Comments
For all intents and purposes, it seems abandoned by Gentoo. See: That said, I still use 0.2, as I personally believe something so simple really doesn't need a very complex implementation regardless of whatever fringe TOCTOU issues people come up with. It still works just fine. The currently reported security issues are very unlikely to be hit unless I write my own tmpfiles.d files, and the ones currently installed on my system don't hit them. And of course, anyone is free to pick it back up and resume development. |
Here are my thoughts about opentmpfiles and systemd-tmpfiles.
Given this, I'm fine with systemd-tmpfiles for now since maintaining opentmpfiles feels like a lot of work without much benefit. However, if there are reasons I'm missing that we should advocate for keeping opentmpfiles and fixing it, I'm willing to listen. |
In case somebody really wants yet another alternative implementation https://github.com/rust-torino/tmpfiles-rs exists, it was part of the local rust meetup activities (now sort of on-hold due covid). as long the reference implementation does not bring additional dependencies and/or breaks our use-case (static linking, non-gnu libcs, non-gnu C compiler), I see its adoption a pragmatic choice. |
i'm not seeing any reason for opentmpfiles to exist now that systemd-tmpfiles can be compiled independently from anything else. so unless someone has a reason for it, we can update the README to direct people to that. |
Thank you all for your answers. It seems that it really makes no sense to reinvent the wheel for such small component. |
I'd keep this issue open for visibility, I was confused regarding the state of the project at first as well, and I'm sure we're not the only ones. Having a statement from the primary maintainer helps a ton. |
I'll add a note to the README for this project. |
Upstream no longer maintained. Also has a privilege escalation vulnerability that will likely not be fixed. Not depended upon by any other packages. See also: OpenRC/opentmpfiles#19
Upstream no longer maintained. Also has a privilege escalation vulnerability that will likely not be fixed. Not depended upon by any other packages. See also: OpenRC/opentmpfiles#19 closes #42655
Upstream no longer maintained. Also has a privilege escalation vulnerability that will likely not be fixed. Not depended upon by any other packages. See also: OpenRC/opentmpfiles#19 closes void-linux#42655
Upstream no longer maintained. Also has a privilege escalation vulnerability that will likely not be fixed. Not depended upon by any other packages. See also: OpenRC/opentmpfiles#19 closes void-linux#42655
I just want to link these alternative implementations I have found, I am not sure how usable they are or not. https://github.com/juur/tmpfilesd |
Hello there,
Is opentmpfiles officialy dead and we have to use systemd-tmpfiles instead? Is there any other way to handle tmpfiles in OpenRC?
Best Regards,
Acatorn
The text was updated successfully, but these errors were encountered: