Removing noise from specs
Michael A. Peters
mpeters at mac.com
Fri May 19 01:00:15 UTC 2006
On Fri, 2006-05-19 at 00:23 +0000, Kevin Kofler wrote:
> Nicolas Mailhot <nicolas.mailhot at ...> writes:
> > %defattr(0644,root,root,0755) would be less transparent but would force
> > packagers to actually check the perms they need
>
> No, IMHO it would just lead them to systematically put
> %defattr(0755,root,root,0755) (or worse, 0777, you never know...) everywhere in
> specfiles, which means:
It also means that RPMs will have incorrect ownership when built on
systems that do not define the defattr outside of the spec file.
It is better to have it it their.
Not defining buildroot is one thing -it won't cause an incorrectly
packaged rpm to be built on older systems, it will cause a build failure
until the user defines a buildroot.
But not having a %defattr means that on systems that don't define it,
the package will build but have improper permissions - which is a severe
security risk. It does not hurt to have %defattr there, and having it
there prevents improper permissions. Well, prevents improper permissions
that would be correct if it is defined there.
More information about the fedora-extras-list
mailing list