Request for Review: dhcp-forwarder, dietlibc, ip-sentinel, util-vserver + xca

Enrico Scholz enrico.scholz at
Wed Mar 30 10:17:32 UTC 2005

kevin-fedora-extras at (Kevin Fenzi) writes:

> Enrico> * xca: Graphical X.509 certificate management tool
> The FC-3 branch doesn't compile here:

oops, sorry. I worked on the devel branch only; FC-3 should be synced

> Does the %release_func work under fedora-extras?

I do not know a reason why it should not work there ;)

> Or is that a thing? I suspec it doesn't as the release seems
> to be be -0 when it compiles here.

It is expected that

| Release:   %release_func 0

produces a -0 release.

> Source0:
> I think it's prefered to list the exact name-version in there instead
> of macros.

Sorry, I will not change it as it adds redundancy and seduces reviewers
to copy & paste this URL without verifying its correctness.

> BuildRoot:      %_tmppath/%name-%version-%release-buildroot
> The prevered value is
> "%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)" 

There is no big difference except the '%(%{__id_u} -n)' which does not
make much sense but adds complexity and gives a false feeling about
security. You have always a race between

| %install
| rm -rf $RPM_BUILD_ROOT


| make install DESTDIR=$RPM_BUILD_ROOT

where an attacker could create an installation-dir with malicious
content.  A better way would be the definition of a userspecific
%_tmppath in ~/.rpmmacros which is writable by the actual user only.


More information about the fedora-extras-list mailing list