https://bugzilla.novell.com/show_bug.cgi?id=896601 https://bugzilla.novell.com/show_bug.cgi?id=896601#c4 Raymond Wooninck <tittiatcoke@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED CC| |tittiatcoke@gmail.com Resolution| |WONTFIX --- Comment #4 from Raymond Wooninck <tittiatcoke@gmail.com> 2014-09-17 14:07:11 UTC --- Certain things are not in the hand of those that are maintaining KDE packages. The bug that Hrvoje referred to is a Security bug which seems to be only readable for certain people. So this bug can only be opened by the security team and not by the KDE packagers. This bug requests a security review of K3b which is required due to some dbus services (suse-dbus-unauthorized-service) for the files: /usr/share/dbus-1/system-services/org.kde.k3b.service and /etc/dbus-1/system.d/org.kde.k3b.conf. The security team indicated that for them the bug was closed as wontfix, due to the following reasoning: "We do not think we want this helper. it modifies device permissions (which we have ACLs for) and it modifies binary!!! permissions to be setuid root (totally unwanted). (default privs are auth_admin... but we should not allow bypassing our devbice and permission model we think)." So there are now two ways forward. The first one is to drop K3b from openSUSE and have it just through Packman or the other option is to drop the helper upstream. As you indicated what to fix upstream, I guess this is what can be done. Based on your initial request, I assume that you rather have that we drop the K3b version on openSUSE and have it shipped through Packman I believe that you should also read that link you provided as that it clear states to respect others and their work. Which clearly is missing in most of your communications. Closing this bug as WONTFIX due to the WONTFIX on the related security review which blocks the update of k3b. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.