+++ This bug was initially created as a clone of Bug #198231 +++ feynmf.pl as shipped in dev-texlive/texlive-metapost-2007 creates files in an insecure manner. The attached patch should fix this, and is extracted from the Debian package. Please also check with upstream whether this is included in their repository and coordinate that if necessary. Any reason metapost cannot use the independant feynmf?
The patch is attached to Bug #198231
(In reply to comment #0) > Any reason metapost cannot use the independant feynmf? not really, except following texlive packaging. I think I'll remove it and make app-text/texlive ebuild depend on feynmf. Anyway, all texlive module ebuilds contain stuff that could have their independant ebuild; it could be possible that we separate every ctan package in its own ebuild, but this will mean having thousands of such ebuilds ;) the rationale being that texlive upstream (which you can see as a ctan downstream) is already doing a great work with maintaining and packaging all of those packages, so a separate ebuild is worth it only if it is well maintained; what I obviously cannot do for all the packages.
(In reply to comment #2) > the rationale being that texlive upstream (which you can see as a ctan > downstream) is already doing a great work with maintaining and packaging all of > those packages, so a separate ebuild is worth it only if it is well maintained; > what I obviously cannot do for all the packages. Good point, let's hope the texlive do a decent work then.
feynmf removed from texlive-metapost-2007-r1 and rekeyword bug submitted as bug #198289 for app-text/texlive ebuild depending on the standalone feynmf ebuild.
This is fixed from a security perspective, the keyword regression is fixed at another place. Thanks for the fast reply.