Source: netrek-client-cow
Version: 3.3.1-1
Severity: serious
Justification: breaks build infrastructure

When mkkey fails to run, netrek-client-cow has a very bad failure mode.
It loops until mkkey succeeds:

| until ./mkkey key.cow.linux "Client Of Win" "automatic packaged key" "qu...@us.netrek.org" "netrek.org/files/COW/" "inl,standard2"; do sleep 1; done

When mkkey fails reliably and produces output, this causes the build to
run indefinitely as sbuild only aborts a build that has no output for a
prolonged time. This behaviour can make buildds and QA infrastructure
hang.

I suggest using a bounded loop and failing hard after a number of
attempts. That's a very simple solution to the problem at hand. For
instance:

| attempts=32; until ./mkkey ...; do attempts=$((attempts - 1)); test $attempts -le 0 && exit 1; sleep 1; done

Furthermore I question why a key should be created at build time and
then be distributed to consumers of the package. That seems to run
counter to the concept of a "key". If the key is to protect anything, it
must not be public. Maybe the best course of action would be not
creating this key at all during build.

Helmut
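
Added example, not part of the original report or of the package: the bounded retry suggested above, written as a reusable shell function that returns the command's last exit status once the attempt budget is spent, so the build fails instead of looping. The names `retry_bounded`, `always_fail` and `third_time` are hypothetical, and the two stand-in commands are constructed in place of mkkey.

```shell
# retry_bounded MAX_ATTEMPTS DELAY_SECONDS COMMAND [ARGS...]
# Runs COMMAND until it succeeds, at most MAX_ATTEMPTS times.
# Returns 0 on success, COMMAND's last exit status when the budget is
# exhausted, and 2 when MAX_ATTEMPTS is not a positive integer.
# POSIX sh has no local variables, so max/delay/attempt/last are globals.
retry_bounded() {
    max=$1
    delay=$2
    shift 2
    case $max in
        ''|*[!0-9]*)
            echo "retry_bounded: attempt count must be a number" >&2
            return 2 ;;
    esac
    if [ "$max" -lt 1 ]; then
        echo "retry_bounded: attempt count must be at least 1" >&2
        return 2
    fi
    attempt=1
    while :; do
        if "$@"; then
            return 0
        else
            last=$?          # exit status of the failed command
        fi
        echo "retry_bounded: attempt $attempt/$max failed (exit $last)" >&2
        if [ "$attempt" -ge "$max" ]; then
            return "$last"   # fail hard so the caller (make, sbuild) stops
        fi
        attempt=$((attempt + 1))
        sleep "$delay"
    done
}

# Constructed stand-ins for mkkey, counting their invocations in $calls:
# one that always fails, one that succeeds on the third call.
calls=0
always_fail() { calls=$((calls + 1)); return 7; }
third_time()  { calls=$((calls + 1)); [ "$calls" -ge 3 ]; }

# In the build rule the call would take the form (arguments as in the rule):
#   retry_bounded 32 1 ./mkkey ... || exit 1
```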
