Stephen Warren <s-t-rhbugzilla <at> wwwdotorg.org> writes: > I'm curious why the packaging guidelines aren't more specific re: the > requirements for the BuildRoot tag. Because there were endless fights over which of the 3 BuildRoots now listed is the right one, so they ended up just allowing all 3 as a compromise to stop the fights. By the way, the first one (the mktemp) is listed as preferred, but the second one is actually the one used by almost all packages (partly for historical reasons, it used to be the one which was mandated). >From a security standpoint, all those variants are flawed though (even the mktemp is subject to a race condition), there is a proposal by Lubomir Kundrak to fix the mess: http://fedoraproject.org/wiki/PackagingDrafts/SecureBuildRoot but so far it's just a proposal. Kevin Kofler -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
