When building a source RPM, the username and filesystem permissions from the 
build host are preserved and end up propagating to a machine you extract them 
onto, e.g.. To be able to reproduce SRPMs, we should have predictable 
conventions for the permissions and ownership of files.

The idea we have come up with in the reproducibility hackfest was to adopt a 
git-style model of permission storage, i.e., dropping most information about 
the Unix permissions. This model also just makes more sense, overall, for what 
source RPMs are.

Additionally, it would be useful to clamp the ownership of the files to 
root:root--though this will necessitate ensuring that the applications which 
work with RPM input/output respect this clamping and change the permissions if 
a user extracts or installs it. (Namely, we don't want a user to install an RPM 
with files they cannot touch or see.)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2604
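The proposal above, sketched as an added example that is not part of the original issue or of rpm's code: modes are collapsed to the values git records and ownership is clamped to root:root, so archives built on two differently configured hosts hash identically. It assumes a tar archive as a stand-in for the SRPM payload, git's owner-execute-bit rule, a fixed mtime to isolate the effect, and constructed file names, owners and contents.

```python
import hashlib
import io
import stat
import tarfile

def git_style_mode(st_mode: int) -> int:
    """Collapse a full Unix st_mode to the few values git stores."""
    if stat.S_ISLNK(st_mode):
        return stat.S_IFLNK | 0o777
    if stat.S_ISDIR(st_mode):
        return stat.S_IFDIR | 0o755
    # Regular file: keep only "owner may execute"; setuid/setgid/sticky
    # and group/other differences from the build host are dropped.
    return stat.S_IFREG | (0o755 if st_mode & stat.S_IXUSR else 0o644)

def clamp(member: tarfile.TarInfo) -> tarfile.TarInfo:
    """Normalize one archive member: git-style mode, root:root owner."""
    kind = (stat.S_IFDIR if member.isdir()
            else stat.S_IFLNK if member.issym() else stat.S_IFREG)
    member.mode = stat.S_IMODE(git_style_mode(kind | member.mode))
    member.uid = member.gid = 0
    member.uname = member.gname = "root"
    return member

def archive_digest(files, owner, normalize: bool) -> str:
    """Pack (name, mode, data) tuples and return the SHA-256 of the archive."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, mode, data in sorted(files):
            info = tarfile.TarInfo(name)
            info.size, info.mode, info.mtime = len(data), mode, 0
            info.uid, info.gid, info.uname, info.gname = owner
            tar.addfile(clamp(info) if normalize else info, io.BytesIO(data))
    return hashlib.sha256(buf.getvalue()).hexdigest()

# Constructed sample: the same sources as seen on two build hosts with
# different umasks and different build users.
SPEC, SCRIPT = b"Name: hello\n", b"#!/bin/sh\necho configure\n"
HOST_A = [("hello.spec", 0o664, SPEC), ("configure", 0o775, SCRIPT)]
HOST_B = [("hello.spec", 0o600, SPEC), ("configure", 0o700, SCRIPT)]
OWNER_A = (1000, 1000, "alice", "alice")
OWNER_B = (1001, 100, "builder", "users")

if __name__ == "__main__":
    for normalize in (False, True):
        a = archive_digest(HOST_A, OWNER_A, normalize)
        b = archive_digest(HOST_B, OWNER_B, normalize)
        print(f"normalize={normalize}: identical={a == b}")
```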