Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=753027

Amir Hedayaty hedayaty@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |hedayaty@gmail.com

--- Comment #1 from Amir Hedayaty hedayaty@gmail.com 2011-11-19 05:55:21 EST --- Thanks for the nice package, I also a big user of vim, I really enjoyed this It does not look so nice at first glance, the fact that you can assign, compile/run to tabs is pretty handy!

The following build-requirements are a little bit hard to work-around BuildRequires: pkgconfig(gtk+-2.0) BuildRequires: pkgconfig(vte) BuildRequires: pkgconfig(gee-1.0) BuildRequires: pkgconfig(gio-2.0)

Is it better to use gtk2-devel, cte-devel. libgee-devel, glib2-devel

Seems you are trying to open an unrelated pixmap not available of my fedora Failed to open file '/usr/share/pixmaps/gnome-term.png': No such file or directory

Another minor bug is the ability to handle duplicates, for example if 2 instances are running, quit one of them (maybe the older one). I had a few crash experiences and when trying to invoke it again, there was an error "Could not aquire DBUS name", after killing the old one it become OK.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=753027

Amir Hedayaty hedayaty@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Flag| |fedora-review+

--- Comment #3 from Amir Hedayaty hedayaty@gmail.com 2011-11-19 08:40:51 EST --- To my knowledge this package is quite suitable for Fedora my suggestions are:

remove "%defattr(-,root,root,-)" it is not needed any more

also if you add some selinux workaround it would be nice, by default login is now allowed to connect to postgresql unless selinux is on permissive mode (which is similar to being disabled)

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=753027

Parag pnemade@redhat.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |pnemade@redhat.com Flag|fedora-review+ |

--- Comment #5 from Parag pnemade@redhat.com 2011-11-19 09:36:11 EST --- Amir, Please don't change any flags. you are not yet sponsored by me. Once you get sponsorship you can start official reviews and accept packages in Fedora.

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=753027

--- Comment #7 from Mathieu Bridon bochecha@fedoraproject.org 2012-01-30 23:21:39 EST --- Sorry it took me so long to reply, I've been completely swamped lately (but things are improving fortunately :)

Here is an updated package, with Amir's and Robert's feedback addressed.

Spec URL: http://bochecha.fedorapeople.org/packages/pam-pgsql.spec SRPM URL: http://bochecha.fedorapeople.org/packages/pam-pgsql-0.7.3.1-2.fc16.src.rpm

$ rpmlint pam-pgsql* pam-pgsql.src: W: spelling-error %description -l en_US authtok -> author pam-pgsql.src: W: spelling-error %description -l en_US reqd -> red, reed, read pam-pgsql.src: W: spelling-error %description -l en_US auth -> auto, Ruth, author pam-pgsql.x86_64: W: spelling-error %description -l en_US authtok -> author pam-pgsql.x86_64: W: spelling-error %description -l en_US reqd -> red, reed, read pam-pgsql.x86_64: W: spelling-error %description -l en_US auth -> auto, Ruth, author 3 packages and 1 specfiles checked; 0 errors, 6 warnings.

Thanks for the feedback. I'll try my best to react in a more timely fashion for the rest of the review.

https://bugzilla.redhat.com/show_bug.cgi?id=753027

--- Comment #9 from Mathieu Bridon bochecha@fedoraproject.org --- (In reply to Florian Weimer from comment #8)

I don't think libpq (the PostgreSQL client library) is designed to be used in a SUID process, so this PAM module is likely not entirely safe to use as the system default.

Do you mean you wouldn't recommend to introduce this package in Fedora at all?

Or do you mean that if this package is introduced into Fedora, then it should not be used on a default Fedora install?

I certainly don't intend to do the latter, and if you have strong concerns over the security of this package, maybe even the former is not a great idea? :-/

(I still didn't have time to resolve the selinux issues mentioned in comment 3, which might be an additional concern)

https://bugzilla.redhat.com/show_bug.cgi?id=753027

--- Comment #11 from Florian Weimer fweimer@redhat.com --- (In reply to Mathieu Bridon from comment #9)

(In reply to Florian Weimer from comment #8)

...

I don't think libpq (the PostgreSQL client library) is designed to be used in a SUID process, so this PAM module is likely not entirely safe to use as the system default.

Do you mean you wouldn't recommend to introduce this package in Fedora at all?

Yes, the implementation needs to be split into a in-process stub and a separate daemon, like nss-pam-ldapd.

(I still didn't have time to resolve the selinux issues mentioned in comment 3, which might be an additional concern)

That would also help to address the SELinux issue.