[Bug 188359] Review Request: bugzilla - bug tracking tool

bugzilla at redhat.com bugzilla at redhat.com
Tue Apr 25 17:31:53 UTC 2006 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: bugzilla - bug tracking tool


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188359


tibbs at math.uh.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|bugzilla-sink at leemhuis.info |tibbs at math.uh.edu
OtherBugsDependingO|163776                      |163778
              nThis|                            |




------- Additional Comments From tibbs at math.uh.edu  2006-04-25 13:31 EST -------
This is really shaping up so I'll go ahead and sign on for a review.  (Others
are certainly welcome to join in.)

Let's dispense with rpmlint stuff:

W: bugzilla no-documentation

You moved all of the documentation off to the -doc subpackage.  The usual
practise seems to be to keep some basic documentation like changelogs or readmes
in the main package and move extensive stuff off to the subpackage; I'd suggest
keeping QUICKSTART, README and UPGRADING* in the base package but it's certainly
up to you as there's no hard rule here.

E: bugzilla script-without-shellbang
/var/www/bugzilla/template/en/default/admin/keywords/list.html.tmpl
E: bugzilla script-without-shellbang
/var/www/bugzilla/template/en/default/admin/keywords/edit.html.tmpl
E: bugzilla script-without-shellbang /var/www/bugzilla/contrib/gnatsparse/README
E: bugzilla script-without-shellbang /var/www/bugzilla/contrib/gnatsparse/magic.py
E: bugzilla script-without-shellbang
/var/www/bugzilla/template/en/default/admin/keywords/create.html.tmpl
E: bugzilla script-without-shellbang
/var/www/bugzilla/template/en/default/admin/keywords/rebuild-cache.html.tmpl
E: bugzilla script-without-shellbang /var/www/bugzilla/Bugzilla/Bug.pm
E: bugzilla script-without-shellbang
/var/www/bugzilla/template/en/default/admin/keywords/created.html.tmpl
E: bugzilla script-without-shellbang
/var/www/bugzilla/template/en/default/admin/keywords/confirm-delete.html.tmpl
E: bugzilla script-without-shellbang
/var/www/bugzilla/contrib/gnatsparse/gnatsparse.py

These all have executable permission, but they shouldn't.  Perhaps the python
scripts should, but they would need to start with #!/usr/bin/python.

E: bugzilla version-control-internal-file /var/www/bugzilla/template/en/.cvsignore
E: bugzilla version-control-internal-file /var/www/bugzilla/template/.cvsignore
E: bugzilla version-control-internal-file /var/www/bugzilla/Bugzilla/.cvsignore
E: bugzilla-doc version-control-internal-file /var/www/bugzilla/docs/.cvsignore

These should all be deleted.

E: bugzilla non-executable-script /var/www/bugzilla/contrib/gnats2bz.pl 0644
E: bugzilla non-executable-script /var/www/bugzilla/contrib/cvs-update.pl 0644
E: bugzilla non-executable-script /var/www/bugzilla/contrib/sendbugmail.pl 0644
E: bugzilla non-executable-script /var/www/bugzilla/contrib/jb2bz.py 0644
E: bugzilla non-executable-script /var/www/bugzilla/contrib/sendunsentbugmail.pl
0644
E: bugzilla non-executable-script /var/www/bugzilla/contrib/yp_nomail.sh 0644
E: bugzilla-doc non-executable-script /var/www/bugzilla/docs/makedocs.pl 0644

I think it's safe to ignore these, but we'll have to think about consistency.

W: bugzilla non-conffile-in-etc /etc/httpd/conf.d/bugzilla.conf

Safe to ignore.

E: bugzilla wrong-script-interpreter /var/www/bugzilla/contrib/jb2bz.py
"/usr/local/bin/python"

Should probably be fixed.

About the contrib directory:
Is it safe, or even appropriate to stick this stuff in the webroot? I would
argue that it isn't, or that access to it from the web should be severely
restricted.  Generally this kind of thing is packaged (execute bits off) with
the documentation as examples or under /usr/lib

Is everything in /var/www/bugzilla intended to be visible from the web or
accessed by one of the scripts run by the web server?  Stuff that's run from
cron jobs shouldn't be there.  What about the t directory?

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the Fedora-package-review mailing list