[Bug 513345] Review Request: iwak - Detect the openssh keys affected by CVE-2008-0166 among authorized_keys

bugzilla at redhat.com bugzilla at redhat.com
Thu Jul 23 13:11:04 UTC 2009

https://bugzilla.redhat.com/show_bug.cgi?id=513345

--- Comment #5 from Matej Cepl <mcepl at redhat.com>  2009-07-23 09:11:03 EDT ---
+ FAIL: rpmlint is silent on both source and binary package.
bradford:rpmbuild$ rpmlint iwak-2.4-1.fc11.src.rpm 
iwak.src: E: description-line-too-long Detect the openssh keys affected by
CVE-2008-0166 among authorized_keys. This is done by computing the fingerprints
from
iwak.src: E: description-line-too-long each authorized key and then comparing
against the databaze of blacklisted fingerprints.
1 packages and 0 specfiles checked; 2 errors, 0 warnings.
bradford:rpmbuild$ 
+ GOOD: The package is named according to the Package Naming Guidelines.
+ GOOD: The spec file name matches the base package %{name}, in the format
  %{name}.spec.
+ GOOD: The package meets the Packaging Guidelines.
+ GOOD: The package is licensed with a Fedora approved license and meets the
Licensing Guidelines.
+ GOOD: The License field in the package spec file matches the actual license.
Well, it would be better if this GPL blurb were at the top of the script itself:
   iwak - detects the openssh authorized_keys affected by CVE-2008-0166
    Copyright (C) 2009 Jan F. Chadima
    Copyright (C) 2009 Red Hat Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

+ GOOD: The spec file is written in American English.
+ GOOD: The spec file for the package is legible.
+ GOOD: The sources used to build the package match the upstream source,
as provided in the spec URL.
SHA1: c9567e1590d75afa080102096b0ba19a49834f3a
+ GOOD: The package successfully compiles and builds into binary rpms on at
least one supported architecture.
  It is noarch -- koji scratch build is
  http://koji.fedoraproject.org/koji/taskinfo?taskID=1494766
+ GOOD: builds on all architectures
noarch
+ GOOD: All build dependencies are listed in BuildRequires. (builds in koji)
+ GOOD: The spec file MUST handle locales properly.
  No locale support.
+ GOOD: no libraries
+ GOOD: not relocatable
+ GOOD: A package owns all directories that it creates.
+ GOOD: A package must not contain any duplicate files in the %files listing.
+ GOOD: Permissions on files must be set properly.
+ GOOD: Each package has a %clean section.
+ GOOD: Each package consistently uses macros.
+ GOOD: The package contains code, or permissible content.
+ GOOD: No large documentation files, so no -doc subpackage.
+ GOOD: Files registered in %doc do not affect the runtime of the
application.
+ GOOD: No header files.
+ GOOD: No static libraries.
+ GOOD: No pkgconfig(.pc) files.
+ GOOD: The package does not contain library files with a suffix.
+ GOOD: No devel packages.
+ GOOD: No .la libtool archives.
+ GOOD: Packages do not contain GUI applications.
+ GOOD: Packages do not own files or directories owned by other packages.
+ GOOD: Runs rm -rf $RPM_BUILD_ROOT in %install
+ GOOD: All filenames in rpm packages are valid UTF-8.
+ GOOD: Includes license text.

Please fix or explain the issues shown above.

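The check the package description refers to (fingerprint each entry in authorized_keys, then compare against a database of blacklisted fingerprints), shown here as an added example that is not part of the bug report, the review, or the iwak package itself. The toy RSA moduli, the sample authorized_keys file and the blacklist are constructed, and the colon-separated MD5 fingerprint is assumed as the blacklist's format.

```python
import base64
import hashlib
import struct

def ssh_string(b: bytes) -> bytes:  # RFC 4251 string: 4-byte length + bytes
    return struct.pack(">I", len(b)) + b

def ssh_mpint(n: int) -> bytes:  # RFC 4251 mpint: a leading 0x00 keeps it positive
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))

def rsa_blob(e: int, n: int) -> bytes:  # wire-format ssh-rsa key (the base64 field)
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 fingerprint, the form 'ssh-keygen -l' printed in 2009."""
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def parse_authorized_keys(text: str):
    """Yield (line number, key type, decoded blob); options before the type are skipped."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(("ssh-", "ecdsa-")):
                try:
                    yield lineno, field, base64.b64decode(fields[i + 1], validate=True)
                except ValueError:
                    pass  # malformed key material: nothing to fingerprint
                break

def find_affected(text: str, blacklist: set) -> list:
    """Return (line, type, fingerprint) for each key whose fingerprint is blacklisted."""
    hits = []
    for lineno, ktype, blob in parse_authorized_keys(text):
        fp = md5_fingerprint(blob)
        if fp in blacklist:
            hits.append((lineno, ktype, fp))
    return hits
# Constructed toy moduli, not real keys; WEAK_N plays the part of a blacklisted key.
WEAK_N, GOOD_N = 0xC0FFEE0000000001, 0xDEADBEEF00000003
SAMPLE = "\n".join([
    "# constructed authorized_keys",
    "ssh-rsa " + base64.b64encode(rsa_blob(65537, WEAK_N)).decode() + " user@weak",
    'from="10.0.0.0/8" ssh-rsa ' + base64.b64encode(rsa_blob(65537, GOOD_N)).decode() + " ok",
])
# Constructed blacklist standing in for iwak's database of blacklisted fingerprints.
BLACKLIST = {md5_fingerprint(rsa_blob(65537, WEAK_N))}
```

Running `find_affected(SAMPLE, BLACKLIST)` reports only line 2 (the constructed weak key); the options-prefixed key on line 3 is parsed but not flagged.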