Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=551878 Michael Schwendt <mschwendt@xxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mschwendt@xxxxxxxxx --- Comment #10 from Michael Schwendt <mschwendt@xxxxxxxxx> 2010-01-06 16:07:41 EDT --- * License is "GPLv3+" because of the "any later version" in the GPL header of the source files. * Why are the *.py source files not included in the font-manager-0.4.2-4.fc12.noarch build? That's so untypical for Python. It may be necessary to patch the Makefile to install the *.py files and possibly take the chance to compile with -O1 instead of -O0. * Here are some Python specific packaging guidelines: https://fedoraproject.org/wiki/Packaging:Python * The "tmpdir" code in /usr/share/font-manager/export.py* is reason to worry. While shutil.rmtree does not follow symlinks, an attacker could cause another user's font-manager to crash (raising an OSError exception) by creating arbitrary symlinks in /tmp. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review