[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Removing noise from specs



On Fri, 2006-05-19 at 00:23 +0000, Kevin Kofler wrote:
> Nicolas Mailhot <nicolas mailhot    > writes:
> > %defattr(0644,root,root,0755) would be less transparent but would force
> > packagers to actually check the perms they need
> 
> No, IMHO it would just lead them to systematically put 
> %defattr(0755,root,root,0755) (or worse, 0777, you never know...) everywhere in 
> specfiles, which means:

It also means that RPMs will have incorrect ownership when built on
systems that do not define the defattr outside of the spec file.

It is better to have it it their.

Not defining buildroot is one thing -it won't cause an incorrectly
packaged rpm to be built on older systems, it will cause a build failure
until the user defines a buildroot.

But not having a %defattr means that on systems that don't define it,
the package will build but have improper permissions - which is a severe
security risk. It does not hurt to have %defattr there, and having it
there prevents improper permissions. Well, prevents improper permissions
that would be correct if it is defined there.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]