On Thu, Dec 15, 2022 at 7:51 AM Vitaly Zaitsev via devel <devel@lists.fedoraproject.org> wrote: > > On 15/12/2022 13:34, Neal Gompa wrote: > > That stopped working several releases ago. > > It should be fixed then. Please report this issue to dnf component. > > Some suggestions for current implementation: > > 1. Please rewrite the first run script from Bash to Python. Running bash > scripts as root is extremely dangerous. One mistake or empty variable > can cause a disaster. > > Example: rm -rf /usr/$foo. If the $foo variable is empty, it will wipe > the entire /usr. Also everyone can inject any commands and execute them > as root. Example: $foo = '; curl .... | bash'. >
I don't take user input, so this doesn't matter, but... > 2. Please do a network presence check before doing anything. Most users > store Wi-Fi passwords in a KDE/GNOME keyring and there is no network > access during the boot. The script will fail instantly. > ... doing this will require Python anyway. > 3. Please check if the full ffmpeg-libs or libavcodec-freeworld are > installed. In such configurations, OpenH264 is not needed. > Meh. > 4. Please implement an opt-out switch. Some users don't want openh264 > from Cisco's third-party repository to be installed. > Already exists. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
