[Bug 522210] New Package for Dogtag PKI: pki-ca
bugzilla at redhat.com
bugzilla at redhat.com
Wed Sep 16 17:24:04 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=522210
--- Comment #5 from Matthew Harmsen <mharmsen at redhat.com> 2009-09-16 13:24:02 EDT ---
# rpmlint pki-ca-1.3.0-1.fc11.noarch.rpm
pki-ca.noarch: E: non-readable /usr/share/pki/ca/conf/CS.cfg 0660
pki-ca.noarch: E: non-standard-dir-perm /usr/share/pki/ca/logs/signedAudit 0770
1 packages and 0 specfiles checked; 2 errors, 0 warnings.
EXPLANATION:
(1) The 'CS.cfg' file requires a mode of '0660' due to security
sensitive information potentially contained within this file;
therefore, it must not be viewable by others, and since this
package is part of a cross-platform product, it may not rely
exclusively upon SELinux access control.
(2) Similarly, the 'signedAudit' directory requires a mode of '0770' as this
directory, when enabled, contains security sensitive logfiles that
must not be viewable by others, and since this package is part of a
cross-platform product, it may not rely exclusively upon SELinux
access control.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Fedora-package-review
mailing list