Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: bugzilla - bug tracking tool https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188359 tibbs@xxxxxxxxxxx changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|bugzilla-sink@xxxxxxxxxxxxx |tibbs@xxxxxxxxxxx OtherBugsDependingO|163776 |163778 nThis| | ------- Additional Comments From tibbs@xxxxxxxxxxx 2006-04-25 13:31 EST ------- This is really shaping up so I'll go ahead and sign on for a review. (Others are certainly welcome to join in.) Let's dispense with rpmlint stuff: W: bugzilla no-documentation You moved all of the documentation off to the -doc subpackage. The usual practise seems to be to keep some basic documentation like changelogs or readmes in the main package and move extensive stuff off to the subpackage; I'd suggest keeping QUICKSTART, README and UPGRADING* in the base package but it's certainly up to you as there's no hard rule here. E: bugzilla script-without-shellbang /var/www/bugzilla/template/en/default/admin/keywords/list.html.tmpl E: bugzilla script-without-shellbang /var/www/bugzilla/template/en/default/admin/keywords/edit.html.tmpl E: bugzilla script-without-shellbang /var/www/bugzilla/contrib/gnatsparse/README E: bugzilla script-without-shellbang /var/www/bugzilla/contrib/gnatsparse/magic.py E: bugzilla script-without-shellbang /var/www/bugzilla/template/en/default/admin/keywords/create.html.tmpl E: bugzilla script-without-shellbang /var/www/bugzilla/template/en/default/admin/keywords/rebuild-cache.html.tmpl E: bugzilla script-without-shellbang /var/www/bugzilla/Bugzilla/Bug.pm E: bugzilla script-without-shellbang /var/www/bugzilla/template/en/default/admin/keywords/created.html.tmpl E: bugzilla script-without-shellbang /var/www/bugzilla/template/en/default/admin/keywords/confirm-delete.html.tmpl E: bugzilla script-without-shellbang /var/www/bugzilla/contrib/gnatsparse/gnatsparse.py These all have executable permission, but they shouldn't. Perhaps the python scripts should, but they would need to start with #!/usr/bin/python. E: bugzilla version-control-internal-file /var/www/bugzilla/template/en/.cvsignore E: bugzilla version-control-internal-file /var/www/bugzilla/template/.cvsignore E: bugzilla version-control-internal-file /var/www/bugzilla/Bugzilla/.cvsignore E: bugzilla-doc version-control-internal-file /var/www/bugzilla/docs/.cvsignore These should all be deleted. E: bugzilla non-executable-script /var/www/bugzilla/contrib/gnats2bz.pl 0644 E: bugzilla non-executable-script /var/www/bugzilla/contrib/cvs-update.pl 0644 E: bugzilla non-executable-script /var/www/bugzilla/contrib/sendbugmail.pl 0644 E: bugzilla non-executable-script /var/www/bugzilla/contrib/jb2bz.py 0644 E: bugzilla non-executable-script /var/www/bugzilla/contrib/sendunsentbugmail.pl 0644 E: bugzilla non-executable-script /var/www/bugzilla/contrib/yp_nomail.sh 0644 E: bugzilla-doc non-executable-script /var/www/bugzilla/docs/makedocs.pl 0644 I think it's safe to ignore these, but we'll have to think about consistency. W: bugzilla non-conffile-in-etc /etc/httpd/conf.d/bugzilla.conf Safe to ignore. E: bugzilla wrong-script-interpreter /var/www/bugzilla/contrib/jb2bz.py "/usr/local/bin/python" Should probably be fixed. About the contrib directory: Is it safe, or even appropriate to stick this stuff in the webroot? I would argue that it isn't, or that access to it from the web should be severely restricted. Generally this kind of thing is packaged (execute bits off) with the documentation as examples or under /usr/lib Is everything in /var/www/bugzilla intended to be visible from the web or accessed by one of the scripts run by the web server? Stuff that's run from cron jobs shouldn't be there. What about the t directory? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact.