On Sun, Feb 22, 2015 at 01:55:31PM -0700, Kevin Fenzi wrote: > On Sun, 22 Feb 2015 21:25:01 +0100 > Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> wrote: > > > So, my problem is whether the package should go through review in > > current state. My gut feeling is that it shouldn't, but I don't want > > to overstep my role as a reviewer. > > I'd personally agree. Can they not at least make it only listen on > localhost unless configured otherwise? Yes, I agree here, access to elasticsearch allowed to execute arbitrary code in the past. Regards Till -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
