Re: Packaging Guidelines: Why so lax for BuildRoot?
- From: Tom Lane <tgl redhat com>
- To: Development discussions related to Fedora <fedora-devel-list redhat com>
- Subject: Re: Packaging Guidelines: Why so lax for BuildRoot?
- Date: Sun, 23 Mar 2008 00:30:24 -0400
Kevin Kofler <kevin kofler chello at> writes:
> From a security standpoint, all those variants are flawed though (even the
> mktemp is subject to a race condition), there is a proposal by Lubomir Kundrak
> to fix the mess:
> http://fedoraproject.org/wiki/PackagingDrafts/SecureBuildRoot
> but so far it's just a proposal.

It's 100% nuts that the BuildRoot tag even exists. This is something
that could and should be handled by intelligence inside rpmbuild,
with no need to try to herd developers into agreeing on whatever the
theory-of-the-month is.

Expecting specfiles to rm -rf the buildroot is just as stupid.
I don't grasp why anyone is thinking that hundreds (thousands?) of
Fedora developers should deal with these things, rather than fixing it
once in RPM itself.

regards, tom lane