Jan Engelhardt wrote:
On Thursday 2014-03-27 14:31, Sascha Peilicke wrote:
This way the Factory review team avoids having to fight a proxy war. The only policy would be "add yourself to rpmlint's whitelist". Of course, I assume
Making it completely optional would make this effort pointless...
"optional" is completely wrong vocabulary here. My proposal frees the review team from yet something more people will argue with them. Instead, it becomes a discussion between the rpmlint maintainers (aka security-aware people) and the packager. Isn't that a smart move?
rpmlint is not normally associated with security (*permissions.rpm* would be), but policy/correctness. And as it so happens sufficiently many times, rpmlint has got some false positives. I feel opposed to whitelists, especially when they don't get updated.
We already do have a whitelist of users and groups in rpmlint and it's kept fairly up to date. The rpmlint error triggered by that warning was not fatal so far though. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org