[opensuse-factory] Wireshark privileges - run as user, not as root
Hi all, This came out of a discussion a few weeks ago on the regular opensuse mailing list. Someone mentioned that Wireshark still needs to be run as root on openSuSE, however, for some time now, Wireshark has had privilege separation to allow the UI to be run as the logged-in user will still allowing libpcap privileged access to be able to perform packet capture. If it is not already, this should be made the default in openSuSE. Does this need a bugzilla? See here: https://wiki.wireshark.org/CaptureSetup/CapturePrivileges The relevant excerpt: ----------------------------------------------------------------------------------------------------------- Most UNIXes Wireshark has implemented Privilege Separation which means that the Wireshark GUI (or the tshark CLI) can run as a normal user while the dumpcap capture utility runs as root. This can be achieved by installing dumpcap setuid root. The advantage of this solution is that while dumpcap is run as root the vast majority of Wireshark's code is run as a normal user (where it can do much less damage). GNU/Linux distributions, Wireshark is installed using a package manager GNU/Linux distributions usually provide package managers which handle installation, configuration and removal of software packages. Wireshark is provided by several distributions and some of them help in configuring dumpcap to allow capturing even for non-root users. Debian, Ubuntu and other Debian derivatives By installing Wireshark packages non-root users won't gain rights automatically to capture packets. To allow non-root users to capture packets follow the procedure described in the Wireshark debian/README.Debian file. Other Linux based systems or other installation methods Other Linux distributions may require that you give dumpcap sufficient privileges by hand. Setting network privileges for dumpcap if your kernel and file system support file capabilities 1. Ensure that you have installed the necessary tools, such as the setcap command. 2. setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap (NOTE: Replace /usr/sbin with /usr/bin in case you receive an error that indicates that dumpcap isn't in /usr/sbin) 3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture. Setting network privileges for dumpcap if your kernel and file system don't support file capabilities In this case, you will need to make dumpcap set-UID to root. 1. chown root /usr/sbin/dumpcap (NOTE: Replace /usr/sbin with /usr/bin in this command and the next command in case you receive an error that indicates that dumpcap isn't in /usr/sbin) 2. chmod u+s /usr/bin/dumpcap Limiting capture permission to only one group After having set dumpcap's network privileges: 1. Create user "wireshark" in group "wireshark". 2. chgrp wireshark /usr/sbin/dumpcap 3. chmod o-rx /usr/sbin/dumpcap 5. Ensure Wireshark works only from root and from a user in the "wireshark" group" -------------------------------------------------------------------------------------------------- Regards, Rodney. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ==============================================================
Hello, On 1/8/19 1:24 PM, Rodney Baker wrote:
This came out of a discussion a few weeks ago on the regular opensuse mailing list. Someone mentioned that Wireshark still needs to be run as root on openSuSE, however, for some time now, Wireshark has had privilege separation to allow the UI to be run as the logged-in user will still allowing libpcap privileged access to be able to perform packet capture.
This is already implemented. From package changelog:
- Use capabilities to be able to run capture as a non-root user. In easy system permissions mode all users can capture traffic. In secure system permissions mode, must be added to the wireshark group to capture.
See https://bugzilla.opensuse.org/show_bug.cgi?id=957624
If it is not already, this should be made the default in openSuSE. Does this need a bugzilla?
Actually it should NOT be the default, as general network package capturing should be limited to specific users. In this case those added to the wireshark group. Andreas -- Andreas Stieger <astieger@suse.com> Head of Product Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 08/01/2019 13.33, Andreas Stieger wrote:
Hello,
On 1/8/19 1:24 PM, Rodney Baker wrote:
This came out of a discussion a few weeks ago on the regular opensuse mailing list. Someone mentioned that Wireshark still needs to be run as root on openSuSE, however, for some time now, Wireshark has had privilege separation to allow the UI to be run as the logged-in user will still allowing libpcap privileged access to be able to perform packet capture.
This is already implemented. From package changelog:
- Use capabilities to be able to run capture as a non-root user. In easy system permissions mode all users can capture traffic. In secure system permissions mode, must be added to the wireshark group to capture.
See https://bugzilla.opensuse.org/show_bug.cgi?id=957624
If it is not already, this should be made the default in openSuSE. Does this need a bugzilla?
Actually it should NOT be the default, as general network package capturing should be limited to specific users. In this case those added to the wireshark group.
I don't have a wireshark group (Leap 15.0) Telcontar:~ # grep wire /etc/group Telcontar:~ # Telcontar:~ # grep dumpcap /etc/permissions.easy /usr/bin/dumpcap root:root 0755 Is it just enough for me to add it, or must I run some script? Document somewhere? -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 1/8/19 2:03 PM, Carlos E. R. wrote:
I don't have a wireshark group (Leap 15.0)
For Leap 15.0, wireshark privilege separation is not implemented. If you do want to use the package from the build service you need to create the group and set the dumpcap capabilities and permissions yourself. Andreas -- Andreas Stieger <astieger@suse.com> Head of Product Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 08/01/2019 15.21, Andreas Stieger wrote:
On 1/8/19 2:03 PM, Carlos E. R. wrote:
I don't have a wireshark group (Leap 15.0)
For Leap 15.0, wireshark privilege separation is not implemented. If you do want to use the package from the build service you need to create the group and set the dumpcap capabilities and permissions yourself.
Thanks. Then I will do it myself, locally, as the wiki article describes, but in permissions.local -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
Actually it should NOT be the default, as general network package capturing should be limited to specific users. In this case those added to the wireshark group.
That was certainly true, back in the days of plain text passwords on the wire. What is the issue with users running it now? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tuesday, 8 January 2019 23:03:46 ACDT Andreas Stieger wrote:
Hello,
On 1/8/19 1:24 PM, Rodney Baker wrote:
This came out of a discussion a few weeks ago on the regular opensuse mailing list. Someone mentioned that Wireshark still needs to be run as root on openSuSE, however, for some time now, Wireshark has had privilege separation to allow the UI to be run as the logged-in user will still allowing libpcap privileged access to be able to perform packet capture.
This is already implemented. From package changelog:
- Use capabilities to be able to run capture as a non-root user. In easy system permissions mode all users can capture traffic. In secure system permissions mode, must be added to the wireshark group to capture.
See https://bugzilla.opensuse.org/show_bug.cgi?id=957624
If it is not already, this should be made the default in openSuSE. Does this need a bugzilla?
Actually it should NOT be the default, as general network package capturing should be limited to specific users. In this case those added to the wireshark group.
Andreas
Thanks, Andreas. I had already fixed it locally using setcap back in 2013-14 or somewhere about then, whenever Wireshark implemented it. I was surprised that it seemed to be news to some on the other mailing list, and a bugzilla was suggested then, but I thought I'd ask here first. Glad I did. :) -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ==============================================================
At Tuesday, 8 January 2019, 13:33:46 CET Andreas Stieger wrote:
Actually it should NOT be the default, as general network package capturing should be limited to specific users. In this case those added to the wireshark group.
Where can I find the openSUSE documentation explaining alle user groups in openSUSE, and the effective difference if a user is member of one of the groups or not? My Tumbleweed computer shows for 'wc -l /etc/group' the result of 53 groups. Somtimes, I can read in google results, I need to get member of a special group to get a program working. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
This is already implemented. From package changelog:
Will following the instructions in that bug report result in it working? When looking at the original Wireshark instructions, I see "1. Ensure that you have installed the necessary tools, such as the setcap command." What are the necessary -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 10/01/2019 15.35, James Knott wrote:
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
This is already implemented. From package changelog:
Will following the instructions in that bug report result in it working? When looking at the original Wireshark instructions, I see "1. Ensure that you have installed the necessary tools, such as the setcap command." What are the necessary
No, the bugreport doesn't explain how to make it work for only a group. Only that they are doing it that way. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 01/10/2019 09:43 AM, Carlos E. R. wrote:
On 10/01/2019 15.35, James Knott wrote:
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
This is already implemented. From package changelog: Will following the instructions in that bug report result in it working? When looking at the original Wireshark instructions, I see "1. Ensure that you have installed the necessary tools, such as the setcap command." What are the necessary No, the bugreport doesn't explain how to make it work for only a group. Only that they are doing it that way.
Hopefully, it will be included in the next version of Leap. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hello, On 1/10/19 4:17 PM, James Knott wrote:
Hopefully, it will be included in the next version of Leap.
As of now, Leap 15.1 will not get this but follow SLE 15 still, which is Wireshark 2.4.x. Not saying that this cannot be changed - it just won't get SUSE maintenance anymore. Again a reminder on the whole proposition of Leap is the stability of an Enterprise distribution, which may result in the latest and grates not always to be be dropped in. If for a single package this is undesirable the community can deviate. Andreas -- Andreas Stieger <astieger@suse.com> Head of Product Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, 2019-01-10 at 15:43 +0100, Carlos E. R. wrote:
On 10/01/2019 15.35, James Knott wrote:
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
This is already implemented. From package changelog:
Will following the instructions in that bug report result in it working? When looking at the original Wireshark instructions, I see "1. Ensure that you have installed the necessary tools, such as the setcap command." What are the necessary
No, the bugreport doesn't explain how to make it work for only a group. Only that they are doing it that way.
Why not configure it like this: chgrp $GROUP /usr/bin/dumpcap chmod 750 /usr/bin/dumpcap setcap cap_net_raw=ep /usr/bin/dumpcap Now all members of group $GROUP may capture packets. I'm using "wheel" here. The only annoyance is that the capabilities are reset whenever wireshark is updated. Martin -- Dr. Martin Wilck <mwilck@suse.com>, Tel. +49 (0)911 74053 2107 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, 10 Jan 2019, 16:51:16 +0100, Martin Wilck wrote:
On Thu, 2019-01-10 at 15:43 +0100, Carlos E. R. wrote:
On 10/01/2019 15.35, James Knott wrote:
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
This is already implemented. From package changelog:
Will following the instructions in that bug report result in it working? When looking at the original Wireshark instructions, I see "1. Ensure that you have installed the necessary tools, such as the setcap command." What are the necessary
No, the bugreport doesn't explain how to make it work for only a group. Only that they are doing it that way.
Why not configure it like this:
chgrp $GROUP /usr/bin/dumpcap chmod 750 /usr/bin/dumpcap setcap cap_net_raw=ep /usr/bin/dumpcap
Now all members of group $GROUP may capture packets. I'm using "wheel" here.
The only annoyance is that the capabilities are reset whenever wireshark is updated.
But, this can be easily overcome with an entry in /etc/permissions.local as follows (again, replace $GROUP with your specific choice, "wheel" in Martin's example): /usr/bin/dumpcap root:$GROUP 0750 +capabilities cap_net_raw=ep No more worries about any future update ;)
Martin
Cheers. l8er manfred
On 10/01/2019 17.34, Manfred Hollstein wrote:
On Thu, 10 Jan 2019, 16:51:16 +0100, Martin Wilck wrote:
On Thu, 2019-01-10 at 15:43 +0100, Carlos E. R. wrote:
But, this can be easily overcome with an entry in /etc/permissions.local as follows (again, replace $GROUP with your specific choice, "wheel" in Martin's example):
/usr/bin/dumpcap root:$GROUP 0750 +capabilities cap_net_raw=ep
No more worries about any future update ;)
Thanks! I was not aware that "permisions" could also set capabilities. Note: run "chkstat --system --set" to apply. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On Friday, 11 January 2019 4:53:26 ACDT Carlos E. R. wrote:
On 10/01/2019 17.34, Manfred Hollstein wrote:
On Thu, 10 Jan 2019, 16:51:16 +0100, Martin Wilck wrote:
On Thu, 2019-01-10 at 15:43 +0100, Carlos E. R. wrote: But, this can be easily overcome with an entry in /etc/permissions.local as follows (again, replace $GROUP with your specific choice, "wheel" in
Martin's example): /usr/bin/dumpcap root:$GROUP 0750
+capabilities cap_net_raw=ep
No more worries about any future update ;)
Thanks! I was not aware that "permisions" could also set capabilities.
Note: run "chkstat --system --set" to apply.
Excellent! My only suggested change would be: +capabilities cap_net_admin,cap_net_raw=ep as originally suggested on the Wireshark wiki. Tested and works here. :) Now, this needs to be documented in a README file in the wireshark package, and perhaps displayed after installation. It would be good to have it somewhere on the openSUSE wiki too (not sure where it belongs). It would be even better if the capabilties were set by rpm as part of the install script, but the group may vary from system to system so a default group (e.g. wheel or wireshark) may not work for everyone. I guess it is easy to add a user to an extra group, though, as long as the need to do so is well documented and brought to the users' (or admins') attention. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ==============================================================
On Sat, 2019-01-12 at 00:01 +1030, Rodney Baker wrote:
Excellent! My only suggested change would be:
+capabilities cap_net_admin,cap_net_raw=ep
True. That's how it's documented. But I've never set cap_net_admin, and so far I've been able to capture everything I wanted. Therefore I left it out in my suggestion, as I wouldn't recommend adding an extra capability about which I don't know why, and under which circumstances, it is needed. Maybe someone else can fill that in. Martin -- Dr. Martin Wilck <mwilck@suse.com>, Tel. +49 (0)911 74053 2107 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 10/01/2019 16.51, Martin Wilck wrote:
On Thu, 2019-01-10 at 15:43 +0100, Carlos E. R. wrote:
On 10/01/2019 15.35, James Knott wrote:
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
This is already implemented. From package changelog:
Will following the instructions in that bug report result in it working? When looking at the original Wireshark instructions, I see "1. Ensure that you have installed the necessary tools, such as the setcap command." What are the necessary
No, the bugreport doesn't explain how to make it work for only a group. Only that they are doing it that way.
Why not configure it like this:
chgrp $GROUP /usr/bin/dumpcap chmod 750 /usr/bin/dumpcap setcap cap_net_raw=ep /usr/bin/dumpcap
Now all members of group $GROUP may capture packets. I'm using "wheel" here.
The only annoyance is that the capabilities are reset whenever wireshark is updated.
Yes, but we can edit /etc/permisions.local, and they will be set again to our liking. The bugzilla proposes these settings: permissions.easy 335:/usr/bin/dumpcap root:root 0755 permissions.paranoid 345:/usr/bin/dumpcap root:root 0755 permissions.secure 373:/usr/bin/dumpcap root:root 0755 I assume that this way users in the "root" group could run capture as users, then. Or do we also need to run setcap as well? Sorry, I'm not familiar with the utility. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Hi, On Tue, Jan 08, Rodney Baker wrote:
openSuSE, however, for some time now, Wireshark has had privilege separation
If it is not already, this should be made the default in openSuSE. Does this
There was never a project called "openSuSE", it was always "openSUSE". Please write the project name correct the next time. Like there is no "SuSE", it's called "SUSE" since about 15 years. Thanks, Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Tuesday, 8 January 2019 23:12:46 ACDT Thorsten Kukuk wrote:
Hi,
On Tue, Jan 08, Rodney Baker wrote:
openSuSE, however, for some time now, Wireshark has had privilege separation
If it is not already, this should be made the default in openSuSE. Does this There was never a project called "openSuSE", it was always "openSUSE". Please write the project name correct the next time. Like there is no "SuSE", it's called "SUSE" since about 15 years.
Thanks, Thorsten
Noted. Perhaps you'd better raise a bugzilla to correct the spelling legacy config files. For example, the comments from /etc/permissions.local on my TW machine... "# This file is used by SuSEconfig and chkstat..." ...not to mention multiple other config files using "SuSE" and "openSuSE" in comments and copyright notices. /etc/dialogrc /etc/permissions* /etc/services /etc/termcap /etc/vimrc They're just the ones that grep turned up. Regards, Rodney. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ==============================================================
...not to mention multiple other config files using "SuSE" and "openSuSE" in comments and copyright notices.
/etc/dialogrc /etc/permissions* /etc/services /etc/termcap /etc/vimrc
There are also other casings, e.g. I found OPENSUSE, OpenSUSE, OpenSuSE, OpenSuse, Opensuse, openSUSE, openSuSE and opensuse in /usr/share/. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 09/01/2019 11.02, Joachim Wagner wrote:
...not to mention multiple other config files using "SuSE" and "openSuSE" in comments and copyright notices.
/etc/dialogrc /etc/permissions* /etc/services /etc/termcap /etc/vimrc
There are also other casings, e.g. I found OPENSUSE, OpenSUSE, OpenSuSE, OpenSuse, Opensuse, openSUSE, openSuSE and opensuse in /usr/share/.
And LibreOffice still does not correct it correctly. For example, at the start of a sentence it corrects openSUSE to OpenSUSE automatically (Bug 730912) -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Hi, On Wed, Jan 09, Rodney Baker wrote:
Noted. Perhaps you'd better raise a bugzilla to correct the spelling legacy config files. For example, the comments from /etc/permissions.local on my TW machine...
From time to time we really create bug reports so that people fixes their packages, and I think there are meanwhile even rpmlint rules. But this does not help if people continue to use the wrong spelling...
"# This file is used by SuSEconfig and chkstat..."
Beside that this must be very old (when did we drop SuSEconfig? 15 years ago?), the name of the tool was really SuSEconfig and not SUSEconfig.
...not to mention multiple other config files using "SuSE" and "openSuSE" in comments and copyright notices.
/etc/dialogrc /etc/permissions* /etc/services /etc/termcap /etc/vimrc
They're just the ones that grep turned up.
While there are clearly some wrong names (openSuSE as used in dialogrc did never exist), most of them are correct: the name of the company was SuSE * in the past, so you are legally not allowed to change them in Copyright notices or something similar. Look at /etc/permissions as mentioned by you above as example: You cannot change: Copyright (c) 2001 SuSE GmbH Nuernberg, Germany to Copyright (c) 2001 SUSE LLC. Nuernberg, Germany because SUSE LLC did not exist in 2001. And the next line: Copyright (c) 2011 SUSE Linux Products GmbH Nuernberg, Germany. is correct, 2011 it was SUSE Linux Products GmbH and it is written with upper "U". Thorsten -- Thorsten Kukuk, Distinguished Engineer, Senior Architect SLES & MicroOS SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendoerffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
From time to time we really create bug reports so that people fixes their packages, and I think there are meanwhile even rpmlint rules. But this does not help if people continue to use the wrong spelling...
In those cases where development happens on github (or similar open system) it would help to be shown a link to the repository when starting the bug submission process as in cases like this a simple pull request fixing the typo is much more likely to succeed.
[...] most of them are correct: the name of the company was SuSE * in the past, so you are legally not allowed to change them in Copyright notices or something similar.
/etc/ seems to be fairly clean. However, see my other reply with case-variants of "opensuse" found under /usr/share/. Joachim -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, 9 Jan 2019 at 11:15, Joachim Wagner <jwagner@computing.dcu.ie> wrote:
/etc/ seems to be fairly clean. However, see my other reply with case-variants of "opensuse" found under /usr/share/.
And a quick application of logic would reveal that the vast majority (if not the entirety) of the incorrect formatting of our trademarks in /usr/share are from upstream documentation. Which helps express the importance of everyone getting it right as consistently as possible and helping spread the word & contribute corrections as far and wide as possible The only correct formatting of the name of this project is "openSUSE", and it has been since it's inception. Period. There is no point discussing it further on this thread. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wednesday, 9 January 2019 20:45:01 ACDT Joachim Wagner wrote:
From time to time we really create bug reports so that people fixes their packages, and I think there are meanwhile even rpmlint rules. But this does not help if people continue to use the wrong spelling...
In those cases where development happens on github (or similar open system) it would help to be shown a link to the repository when starting the bug submission process as in cases like this a simple pull request fixing the typo is much more likely to succeed.
[...] most of them are correct: the name of the company was SuSE * in the past, so you are legally not allowed to change them in Copyright notices or something similar.
/etc/ seems to be fairly clean. However, see my other reply with case-variants of "opensuse" found under /usr/share/.
Joachim
A recursive grep on /etc reveals many more hits - xdg/menu/applications.menu and SuSEfirewall2 seem to be the worst offenders - but I'll stop there. -- ============================================================== Rodney Baker VK5ZTV rodney.baker@iinet.net.au CCNA #CSCO12880208 ==============================================================
On Wed, Jan 09, 2019 at 10:07:18PM +1030, Rodney Baker wrote:
On Wednesday, 9 January 2019 20:45:01 ACDT Joachim Wagner wrote:
From time to time we really create bug reports so that people fixes their packages, and I think there are meanwhile even rpmlint rules. But this does not help if people continue to use the wrong spelling...
In those cases where development happens on github (or similar open system) it would help to be shown a link to the repository when starting the bug submission process as in cases like this a simple pull request fixing the typo is much more likely to succeed.
[...] most of them are correct: the name of the company was SuSE * in the past, so you are legally not allowed to change them in Copyright notices or something similar.
/etc/ seems to be fairly clean. However, see my other reply with case-variants of "opensuse" found under /usr/share/.
Joachim
A recursive grep on /etc reveals many more hits - xdg/menu/applications.menu and SuSEfirewall2 seem to be the worst offenders - but I'll stop there.
SuSEfirewall2 is discontinued already. ;) Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (11)
-
Andreas Stieger -
Carlos E. R. -
Cisbug -
James Knott -
Joachim Wagner -
Manfred Hollstein -
Marcus Meissner -
Martin Wilck -
Richard Brown -
Rodney Baker -
Thorsten Kukuk