[Bug 491430] Review Request: sslogger - A keystroke logging utility for privileged user escalation
bugzilla at redhat.com
bugzilla at redhat.com
Thu May 21 16:24:09 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=491430
Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |182235(FE-Legal)
--- Comment #17 from Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> 2009-05-21 12:23:58 EDT ---
Some pre-remarks:
!!!! About license
Well, actually almost all the files in this tarball are
under GPLv3+, however sslogger.c is under "BSD with advertising",
which conflicts with GPLv3+:
https://fedoraproject.org/wiki/Licensing
For this package, actually sl.c (under GPLv3+) actually calls
execvp() for sslogger, which is written in sslogger.c (BSD with
advertising), licenses really conflict.
* Please consider to use %?dist macro:
https://fedoraproject.org/wiki/Packaging/DistTag
* BuildRoot does not honor Fedora's packaging guidelines:
https://fedoraproject.org/wiki/Packaging/Guidelines#BuildRoot_tag
* Source0 must be specified with full URL:
https://fedoraproject.org/wiki/Packaging/SourceURL
* Some needed Requires(pre) or so are missing:
https://fedoraproject.org/wiki/Packaging/SysVInitScript#Initscripts_in_spec_file_scriptlets
* Fedora specific compilation flags are not correctly
honored:
https://fedoraproject.org/wiki/Packaging/Guidelines#Compiler_flags
https://fedoraproject.org/wiki/Packaging/Debuginfo
* Please use macros for standard directories. For example,
you should use %{_localstatedir} for /var:
https://fedoraproject.org/wiki/Packaging/RPMMacros
* For binary names
- In Fedora other rpm already uses the name "%{_bindir}/sl"
- And IMO the name "%{_bindir}/replay" is too generic.
- Also I recommend to change %log_dir to %_localstatedir/log/sslogger
or so.
* Fedora considers that deleting user/group automatically by
rpm scriptlets is dangerous and this must be done manually
by sysadmin
--------------------------------------------------------------------
%post
chown -R %{suser}.%{sgroup} %{log_dir}
--------------------------------------------------------------------
* - is actually useless. This scriptlet is executed only when this rpm
is installed or upgraded and does nothing when this rpm
is actually used.
* Fedora uses %{_defaultdocdir}/%{name}-%{version} as directory
to install documents
- By the way currently the directory %{_docdir}/sslogger/ itself
is not owned by this package:
https://fedoraproject.org/wiki/Packaging/Guidelines#File_and_Directory_Ownership
https://fedoraproject.org/wiki/Packaging/UnownedDirectories
Setting FE-Legal
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the package-review
mailing list