On Wed, Oct 29, 2025 at 10:59:20AM +0100, Siteshwar Vashisht wrote:
> TLDR: This report[1] contains a total of 47352 findings and 843 new
> findings identified since Fedora 43. Please review the report and
> provide feedback. False positives can now be recorded in the
> known-false-positives[5] repository.

snip

> [1] https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-28-Oct-2025/

This report only lists 300 packages, which seems shorter than I'd
expect. It doesn't mention libvirt or qemu at all which I believe are
critical path packages.

> [3] https://openscanhub.fedoraproject.org/task/

Finding libvirt/QEMU here:

  libvirt: https://openscanhub.fedoraproject.org/task/78570/
  qemu: https://openscanhub.fedoraproject.org/task/78767/

The scan is reported as failed, and in the stdout.log I find

  + /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/qemu-10.1.0.tar.xz
  /usr/bin/xz: Failed to enable the sandbox
  /usr/bin/tar: This does not look like a tar archive
  /usr/bin/tar: Exiting with failure status due to previous errors
  error: Bad exit status from /var/tmp/rpm-tmp.444pqA (%prep)
      Bad exit status from /var/tmp/rpm-tmp.444pqA (%prep)

It looks like there's an infrastructure problem with the openscanhub
environment that is breaking the xz command sandbox in some manner.

Presumably this will mean all RPMs that have .xz sources are going
to be missing from the report linked above.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
