I'm forwarding this message form Bryan O'Neill, who is not on the time zone mailing list.
[...]
I asked a question on linuxquestions.org about what exact commands I would need to install your patch that will update the new DST rules on my RH 8.0 pc. One guy responded with the following: [snip] Do you see anything there that may create something malcious or unsecure?
I decided not to bore the whole list with the fairly detailed response I mailed to Bryan, but figured I'd leave a briefer synopsis here for the archives: * While I don't know about 8.0 specifically, I do know that repositories for some other Red Hat releases are up-to-date enough that a simple "yum update tzdata" would probably a better solution for the Bryan's stated goals. * The code quoted was not malicious, nor inherently insecure (there are some circumstances where security problems might arise, such as a compromised tzcode tarball being downloaded, but these are issues outside the scope of what the given code snippet can be expected to address). Furthermore, though I do have some quibbles with the code as not setting the best example in quality (using several commands where a smaller number of simple ones would have sufficed), it *is* written with saftey in mind: it takes pains to "exit" whenever something might not work as planned, rather than risk falling through and potentially doing damage. * The code snippet installs to the tzcode default of /usr/local/zoneinfo, which is wrong for the goal of ensuring that the *system* will use the new rules. If recompiling from source (as opposed to using a newer rpm) is desired, editing the TOPDIR setting in the makefile (or setting it on the "make" command-line) is needed. --Ken Pizzini