[Bug 551878] Review Request: font-manager - A font management application for the GNOME desktop environment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=551878


Michael Schwendt <mschwendt@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mschwendt@xxxxxxxxx




--- Comment #10 from Michael Schwendt <mschwendt@xxxxxxxxx>  2010-01-06 16:07:41 EDT ---
* License is "GPLv3+" because of the "any later version" in the GPL header of
the source files.

* Why are the *.py source files not included in the
font-manager-0.4.2-4.fc12.noarch build? That's so untypical for Python. It may
be necessary to patch the Makefile to install the *.py files and possibly take
the chance to compile with -O1 instead of -O0.

* Here are some Python specific packaging guidelines:
https://fedoraproject.org/wiki/Packaging:Python

* The "tmpdir" code in /usr/share/font-manager/export.py* is reason to worry.
While shutil.rmtree does not follow symlinks, an attacker could cause another
user's font-manager to crash (raising an OSError exception) by creating
arbitrary symlinks in /tmp.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]