http://bugzilla.suse.com/show_bug.cgi?id=1143216 Bug ID: 1143216 Summary: AUDIT-0: mousepad: New PolKit rules added Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: tux93@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 811924 --> http://bugzilla.suse.com/attachment.cgi?id=811924&action=edit Full build log mousepad update 0.4.2 has added polkit rules [ 84s] RPMLINT report: [ 84s] =============== [ 85s] mousepad.x86_64: I: polkit-cant-acquire-privilege org.xfce.mousepad (no:auth_admin:auth_admin) [ 85s] Usability can be improved by allowing users to acquire privileges via [ 85s] authentication. Use e.g. 'auth_admin' instead of 'no' and make sure to define [ 85s] 'allow_any'. This is an issue only if the privilege is not listed in [ 85s] /etc/polkit-default-privs.* [ 85s] [ 85s] mousepad.x86_64: W: package-with-huge-docs 55% [ 85s] More than half the size of your package is documentation. Consider splitting [ 85s] it into a -doc subpackage. [ 85s] [ 85s] mousepad.x86_64: E: polkit-untracked-privilege (Badness: 10000) org.xfce.mousepad (no:auth_admin:auth_admin) [ 85s] The privilege is not listed in /etc/polkit-default-privs.* which makes it [ 85s] harder for admins to find. Furthermore polkit authorization checks can easily [ 85s] introduce security issues. If the package is intended for inclusion in any [ 85s] SUSE product please open a bug report to request review of the package by the [ 85s] security team. Please refer to [ 85s] https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for [ 85s] more information. [ 85s] [ 85s] (none): E: badness 10000 exceeds threshold 1000, aborting. [ 85s] 3 packages and 0 specfiles checked; 1 errors, 1 warnings. OBS Repo: https://build.opensuse.org/package/show/home:tux93:branches:X11:xfce/mousepa... -- You are receiving this mail because: You are on the CC list for the bug.