alterator-netinst-1.9.1-alt4.noarch	checkbashisms	experimental	checkbashisms utility found possible bashisms in: /usr/bin/alterator-netinst; 
alterator-netinst-1.9.1-alt4.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/netinst: $ grep /tmp/ /usr/lib/alterator/backend3/netinst elif [ "$in_add" ]; then [ "$in_get_from" = "url" ] && run_localized alterator-netinst "$in_add_url" || run_localized alterator-netinst "cdrom:" else set >> /tmp/log if [ "$in_vnc" ]; then if [ "$in_vnc" = '#t' ] ; then vnc= headless= [ "$in_headless" = '#t' ] && headless='headless';