* lib/gnupload (GPG): Don't use an absolute path.

This reverts part of the 2004-01-28 change.
If the hypothetical cracker ever gets in to my (or any developer's)
system with sufficient privilege to modify the contents of
directories in my PATH (or change my PATH altogether), they can
already compromise my development work in so many ways that using
such absolute names in gnupload gives reduced functionality with
no added security.

diff --git a/ChangeLog b/ChangeLog
index 191b99d..b967dcc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-12-18  Jim Meyering  <meyering@redhat.com>
+
+       * lib/gnupload (GPG): Don't use an absolute path.
+       This reverts part of the 2004-01-28 change.
+
 2007-12-08  Ralf Wildenhues  <Ralf.Wildenhues@gmx.de>
 
        * lib/Automake/FileUtils.pm (open_quote): New function.

diff --git a/lib/gnupload b/lib/gnupload
index c3a6a42..2e3c801 100755 (executable)
--- a/lib/gnupload
+++ b/lib/gnupload
@@ -1,7 +1,7 @@
 #!/bin/sh
 # Sign files and upload them.
 
-scriptversion=2007-06-30.12
+scriptversion=2007-12-18.17
 
 # Copyright (C) 2004, 2005, 2006, 2007  Free Software Foundation
 #
@@ -22,7 +22,7 @@ scriptversion=2007-06-30.12
 
 set -e
 
-GPG='/usr/bin/gpg --batch --no-tty'
+GPG='gpg --batch --no-tty'
 to=
 
 usage="Usage: $0 [OPTIONS]... FILES...