since i have enough of bugzilla-mails as response of bugreports containing referecnes to any Fedora version but not the reported i consider this as bug in the distribution itself https://bugzilla.redhat.com/show_bug.cgi?id=998035 *at least* a "we do not fix this in F18 because <short explaination>" or "it will most likely done in the next package-update for Fq8" would be what anybody who is wasting his time for verify things in the distribution and report bugs/guideline-violations should be a response ___________________________________ hence i even do not understand why not every maintainer is reading http://fedoraproject.org/wiki/Packaging:Guidelines#PIE and after logout from the DE calls "checksec --proc-all" and *MUST enable* in the guidelines is no opt-in as well as read things like http://tk-blog.blogspot.co.at/2009/02/relro-not-so-well-known-memory.html thanks god, some of the packages i reported in the last months are in the meantime fixed - but why maintainers and/or at least QA do not care that the guidelines are respected? "Your package accepts/processes untrusted input" qualifies firefox too and until now https://bugzilla.redhat.com/show_bug.cgi?id=973458 had only a blunty response "I mean the fix is need for xulrunner package, not for the firefox one" - well, the same maintainer for both ___________________________________ If your package meets any of the following criteria you *MUST enable* the PIE compiler flags: * *Your package is long running* This means it's likely to be started and keep running until the machine is rebooted, not start on demand and quit on idle. * Your package has *suid binaries*, or binaries with *capabilities*. * *Your package runs as root* If your package meets the following criteria you should consider enabling the PIE compiler flags: * Your package accepts/processes untrusted input ___________________________________
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
