Packaging Guidelines: Why so lax for BuildRoot?

Tom Lane tgl at redhat.com
Sun Mar 23 04:30:24 UTC 2008


Kevin Kofler <kevin.kofler at chello.at> writes:
> From a security standpoint, all those variants are flawed though (even the 
> mktemp is subject to a race condition), there is a proposal by Lubomir Kundrak 
> to fix the mess:
> http://fedoraproject.org/wiki/PackagingDrafts/SecureBuildRoot
> but so far it's just a proposal.

It's 100% nuts that the BuildRoot tag even exists.  This is something
that could and should be handled by intelligence inside rpmbuild,
with no need to try to herd developers into agreeing on whatever the
theory-of-the-month is.

Expecting specfiles to rm -rf the buildroot is just as stupid.

I don't grasp why anyone is thinking that hundreds (thousands?) of
Fedora developers should deal with these things, rather than fixing it
once in RPM itself.

			regards, tom lane



