Re: Packaging Guidelines: Why so lax for BuildRoot?

On Sat, Mar 22, 2008 at 11:40:30PM +0000, Kevin Kofler wrote:
> Stephen Warren <s-t-rhbugzilla <at> wwwdotorg.org> writes:
> > I'm curious why the packaging guidelines aren't more specific re: the
> > requirements for the BuildRoot tag.
> 
> Because there were endless fights over which of the 3 BuildRoots now listed is 
> the right one, so they ended up just allowing all 3 as a compromise to stop the 
> fights. By the way, the first one (the mktemp) is listed as preferred, but the 
> second one is actually the one used by almost all packages (partly for 
> historical reasons, it used to be the one which was mandated).
> 
> From a security standpoint, all those variants are flawed though (even the 
> mktemp is subject to a race condition), there is a proposal by Lubomir Kundrak 
> to fix the mess:
> http://fedoraproject.org/wiki/PackagingDrafts/SecureBuildRoot
> but so far it's just a proposal.

Polyinstantiated namespaces such as /tmp could solve the race cleanly
too.  Mock already knows how to do namespaces...

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
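
The race discussed in this thread, as an added example that is not part of the original messages or of the SecureBuildRoot draft: it assumes the problem is the usual gap between choosing a BuildRoot name under a shared /tmp and creating it, and contrasts a create step that accepts a pre-existing path with one that refuses it. The function names and the scratch layout are hypothetical.

```shell
#!/bin/sh
# Added example: create a build root without trusting a pre-existing path.
# Function names and directory layout are hypothetical.

# Racy pattern: "mkdir -p" succeeds when the path already exists, even if
# it is a symlink or a directory that someone else created first.
racy_buildroot() {
    mkdir -p -- "$1"
}

# Hardened pattern: plain mkdir is atomic and fails if anything (file,
# directory, symlink, dangling symlink) already occupies the name.
safe_buildroot() {
    dir=$1
    ( umask 077 && mkdir -- "$dir" ) 2>/dev/null || return 1
    # Defence in depth: must be a real directory owned by the caller.
    [ ! -L "$dir" ] && [ -d "$dir" ] && [ -O "$dir" ] || return 1
}

# Constructed scenario in a private scratch area (not the real /tmp):
# the name "taken" already exists as a symlink before the build starts.
demo() {
    scratch=$(mktemp -d) || return 2
    mkdir "$scratch/elsewhere"
    ln -s "$scratch/elsewhere" "$scratch/taken"

    if racy_buildroot "$scratch/taken"; then
        result="racy:accepted"
    else
        result="racy:refused"
    fi
    if safe_buildroot "$scratch/taken"; then
        result="$result safe:accepted"
    else
        result="$result safe:refused"
    fi
    if safe_buildroot "$scratch/fresh"; then
        result="$result fresh:created"
    else
        result="$result fresh:failed"
    fi

    rm -rf -- "$scratch"
    echo "$result"
}

demo
```

A build wrapper would abort when `safe_buildroot` fails instead of falling back to reusing the path. A private per-user or per-build /tmp, as suggested in the reply above, removes the shared directory from the picture altogether.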
