Re: Packaging Guidelines: Why so lax for BuildRoot?

Kevin Kofler <kevin.kofler@xxxxxxxxx> writes:
> From a security standpoint, all those variants are flawed though (even the 
> mktemp is subject to a race condition), there is a proposal by Lubomir Kundrak 
> to fix the mess:
> http://fedoraproject.org/wiki/PackagingDrafts/SecureBuildRoot
> but so far it's just a proposal.

It's 100% nuts that the BuildRoot tag even exists.  This is something
that could and should be handled by intelligence inside rpmbuild,
with no need to try to herd developers into agreeing on whatever the
theory-of-the-month is.

Expecting specfiles to rm -rf the buildroot is just as stupid.

I don't grasp why anyone is thinking that hundreds (thousands?) of
Fedora developers should deal with these things, rather than fixing it
once in RPM itself.

			regards, tom lane

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
