Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: xarchiver - Archive manager for Xfce https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217311 ------- Additional Comments From pertusus@xxxxxxx 2006-11-28 11:28 EST ------- Unused dependency on sonames. I haven't investigated where they come from, most probable is .pc file not using correctly *.private (libm and libdl are certainly not problematic): /usr/lib/libatk-1.0.so.0 /lib/libm.so.6 /usr/lib/libpangocairo-1.0.so.0 /usr/lib/libpango-1.0.so.0 /usr/lib/libcairo.so.2 /lib/libgmodule-2.0.so.0 /lib/libdl.so.2 There is a requires for binutils, for ar, for .deb. Also reading src/deb.c, it seems to me that the files in /tmp are not safely created, opening the possibility of a symlink in tmp attack. Maybe the manipulation should be done in a /tmp subdir. I haven't checked the other /tmp use, some look clearly right, for others there is a need to look at the code. in src/callback.c, in xa_activate_link, I think it would be relevant to add a search from htmlview, and add a Requires for htmlview. Otherwise a Requires firefox could be used, but I think it would be much better to call htmlview. There is also a missing requires of cpio for rpm. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review