Copilot commented on code in PR #50359: URL: https://github.com/apache/arrow/pull/50359#discussion_r3520430360
########## dev/release/binary/Dockerfile: ########## @@ -40,6 +40,8 @@ RUN \ RUN gem install apt-dists-merge -v ">= 1.0.2" +RUN chmod 1777 /var/lib/rpm Review Comment: `chmod 1777 /var/lib/rpm` makes the RPM database directory world-writable, which is broader than needed and can allow unintended modification of the RPM DB (even in a container). A tighter approach is to grant write access only to the Arrow user’s group (GID 10000 here) and keep the directory non-world-writable. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
