[Bug 491430] Review Request: sslogger - A keystroke logging utility for privileged user escalation

Thu May 21 16:24:09 UTC 2009

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=491430

Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |182235(FE-Legal)

--- Comment #17 from Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp>  2009-05-21 12:23:58 EDT ---
Some pre-remarks:

!!!! About license
  Well, actually almost all the files in this tarball are
  under GPLv3+, however sslogger.c is under "BSD with advertising",
  which conflicts with GPLv3+:
  https://fedoraproject.org/wiki/Licensing

  For this package, actually sl.c (under GPLv3+) actually calls
  execvp() for sslogger, which is written in sslogger.c (BSD with
  advertising), licenses really conflict.

* Please consider to use %?dist macro:
  https://fedoraproject.org/wiki/Packaging/DistTag

* BuildRoot does not honor Fedora's packaging guidelines:
  https://fedoraproject.org/wiki/Packaging/Guidelines#BuildRoot_tag

* Source0 must be specified with full URL:
  https://fedoraproject.org/wiki/Packaging/SourceURL

* Some needed Requires(pre) or so are missing:

https://fedoraproject.org/wiki/Packaging/SysVInitScript#Initscripts_in_spec_file_scriptlets

* Fedora specific compilation flags are not correctly
  honored:
  https://fedoraproject.org/wiki/Packaging/Guidelines#Compiler_flags
  https://fedoraproject.org/wiki/Packaging/Debuginfo

* Please use macros for standard directories. For example,
  you should use %{_localstatedir} for /var:
  https://fedoraproject.org/wiki/Packaging/RPMMacros

* For binary names
  - In Fedora other rpm already uses the name "%{_bindir}/sl"
  - And IMO the name "%{_bindir}/replay" is too generic.
  - Also I recommend to change %log_dir to %_localstatedir/log/sslogger
    or so.

* Fedora considers that deleting user/group automatically by
  rpm scriptlets is dangerous and this must be done manually
  by sysadmin

--------------------------------------------------------------------
%post
chown -R %{suser}.%{sgroup} %{log_dir}
--------------------------------------------------------------------
* - is actually useless. This scriptlet is executed only when this rpm
  is installed or upgraded and does nothing when this rpm
  is actually used.

* Fedora uses %{_defaultdocdir}/%{name}-%{version} as directory
  to install documents
  - By the way currently the directory %{_docdir}/sslogger/ itself
    is not owned by this package:

https://fedoraproject.org/wiki/Packaging/Guidelines#File_and_Directory_Ownership
    https://fedoraproject.org/wiki/Packaging/UnownedDirectories

Setting FE-Legal

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.