Overview
Request 779354 superseded
better changes file entry (forwarded request 779353 from smithfarm)
- Created by smithfarm
- In state superseded
- Supersedes 779070
- Superseded by 781553
- Open review for factory-staging
Request History
smithfarm created request
better changes file entry (forwarded request 779353 from smithfarm)
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto added security-team as a reviewer
The package is submitted to an official product and it has warnings that indicate that it needs to go through a security review. Those warnings can only be ignored in devel projects. For more information please read: https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs.
factory-auto accepted review
Check script succeeded
dimstar_suse added openSUSE:Factory:Staging:D as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:D"
dimstar_suse accepted review
Picked "openSUSE:Factory:Staging:D"
licensedigger accepted review
ok
dimstar accepted review
dimstar_suse added factory-staging as a reviewer
Being evaluated by group "factory-staging"
dimstar_suse accepted review
Unstaged from project "openSUSE:Factory:Staging:D"
mkraus declined review
You are disabling some rpmlint checks that are critical to the operations of the security team. Please don't do that. If the permissions whitelistings/lints are wrong, tell us and we'll fix them. If it's urgent, we'll try to be quick about it - if you tell us.
I've already replied in bsc#1150366 that we can do the whitelisting of the setgid directory before the bug is fixed. But the rpmlints about /usr/bin/radosgw look worrying too. The way it's packaged it won't have any capabilities, but the permissions configuration still thinks it should. So whenever chkstat is run (which happens rather frequently on Tumbleweed), that binary gets assigned file capabilities that it apparently should not have. I'll work on removing these wrong entries...
mkraus declined request
superseded by 781553
Waiting for sec: http://bugzilla.suse.com/show_bug.cgi?id=1150366
https://build.opensuse.org/request/show/780979 https://build.opensuse.org/request/show/781553