[Bug 225660] Merge Review: crash

bugzilla at redhat.com bugzilla at redhat.com
Sun Jan 18 21:45:02 UTC 2009


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=225660


Lubomir Rintel <lkundrak at v3.sk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lkundrak at v3.sk




--- Comment #2 from Lubomir Rintel <lkundrak at v3.sk>  2009-01-18 16:45:00 EDT ---
(In reply to comment #1)
> - license seems to be GPLv2+. A lot of files are GPL+, some are GPLv2+, some
> have no license at all. A cleanup of those would be nice

Certain files (xen_hyper*) use GPLv2 (only), spot already fixed this in CVS.

> Other problems (fixed)

There are yet more:

- You use the "Revision" tag to mark the upstream release, which is wrong. It is
meant to be used to version the SPEC file. Given you (package owner, "crash"
group) seem to be upstream, you can definitely fix this by changing the
versioning scheme (e.g. use 4.0.8 instead of 4.0-8).

- The bundled gdb is old and has issues. It is likely that some of the older GDB
security problems affect it:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1704
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1705
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4146

Please address those, if they are relevant. Notify your SRT that you bundle GDB
code and communicate with GDB upstream (or people involved in Archer, your
colleagues) to avoid having to bundle GDB in the longer run.
