On Thu, 2008-06-12 at 14:48 +0200, Jindrich Novy wrote:
Opinions?
One of the reasons why the mktemp option is appealing is because it is
not predictable, and helps lessen the security risks of knowing where
the buildroot is going to be and inserting malicious files.
The only reason we use
Tom spot Callaway wrote:
On Thu, 2008-06-12 at 14:48 +0200, Jindrich Novy wrote:
Opinions?
One of the reasons why the mktemp option is appealing is because it is
not predictable, and helps lessen the security risks of knowing where
the buildroot is going to be and inserting malicious
On Thursday 12 June 2008 15:46:24 Tom spot Callaway wrote:
On Thu, 2008-06-12 at 14:48 +0200, Jindrich Novy wrote:
Opinions?
One of the reasons why the mktemp option is appealing is
because it is
not predictable, and helps lessen the security risks of knowing
where
the buildroot is going
Hallo.
Some time ago we started a discussion of the possibility of spec file
unification between openSUSE and Fedora.
Very early in this discussion we stated, that both are working around
the some problems caused by RPM itself. It costs packagers effort,
installation time and packages
On Thursday 12 June 2008 17:14:12 you wrote:
On Thu, 2008-06-12 at 16:31 +0200, Per Øyvind Karlsen wrote:
Better wear your helmet on both the inside and outside of the
house,
just in case..
Careful, crazy is contagious. *cough*
In all seriousness, I'm not convinced that the benefits of
Tom spot Callaway wrote:
On Thu, 2008-06-12 at 17:53 +0200, Stanislav Brabec wrote:
openSUSE use chroots inside Xen secured build hosts in Build Service.
Yes, I didn't mean to imply that you were vulnerable while Fedora is
not. Apologies if it came across like that.
I only wanted to agree,
Tom \spot\ Callaway [EMAIL PROTECTED] writes:
The only reason we use mktemp in there is because we couldn't make rpm
code changes to use the native glibc functions. As to rpm
--short-circuit, well, I honestly think we should think long and hard
about whether we want to keep it around.
well,
On Thu, 2008-06-12 at 19:38 +0200, Pixel wrote:
Tom \spot\ Callaway [EMAIL PROTECTED] writes:
The only reason we use mktemp in there is because we couldn't make rpm
code changes to use the native glibc functions. As to rpm
--short-circuit, well, I honestly think we should think long and
Stanislav Brabec [EMAIL PROTECTED] writes:
Particular problems there may have different severity and different
complexity. The worst one seems to be Problems of Scriptlets / Database
rebuild.
mandriva is currently experimenting something on this subject:
On Thursday 12 June 2008 19:48:37 Tom spot Callaway wrote:
On Thu, 2008-06-12 at 19:38 +0200, Pixel wrote:
Tom \spot\ Callaway [EMAIL PROTECTED] writes:
The only reason we use mktemp in there is because we
couldn't make rpm
code changes to use the native glibc functions. As to rpm
Two camps of thought.. If you build a binary AND SRPM, you better not
short-circuit or you won't have a reproducible build. In this case,
short-circuit is bad and shouldn't be used for anything but working
through problems.
Then there are folks like us, we use RPM as a container/shipment
11 matches
Mail list logo
