[Bug 219972] Review Request: poker-network - A poker server, client and abstract user interface library

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: poker-network - A poker server, client and abstract user interface library
Alias: poker-network

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219972





------- Additional Comments From chris.stone@xxxxxxxxx  2007-01-24 17:21 EST -------
> MUSTFIX
> =======
> * Upstream bug #1454 that will allow this to be a noarch package.

Should be fixed.

> * Create a 'poker' user for running the server for better security

I used user "games" instead.

> * /usr/share/doc/poker-network-1.0.33/NIHPHOBIA is cute, but not really
>   necessary, is it?

Removed.

> * Don't use %{version} in the patch filenames.  The version in a patch
>   filename is supposed to reflect the package version when the patch
>   was first introduced, not the current package version.

Fixed.

> 
> SHOULD
> ======
> * Add selinux policies to poker-server for better security

Need help from you on this.

> * Patch tests/Makefile.in and configure in poker-network-1.0.33-config.patch
>   so that you don't have to call 'autoreconf' during %build.  Hopefully
>   upstream will adopt this patch in a new release so that it becomes a
>   moot point.

They will, not sure it's worth the effort since the patch will be in the next
release.

> * Use %{_initrddir} instead of %{_sysconfdir}/init.d

Done.

> * Use double quotes around the sed regsub pattern to avoid potential
>   problems if %{python_sitelib} were to ever contain a space.

There already are double quotes around this path in the init file.

> 
> NOTES and Questions
> ===================
> * poker-network and poker2d (BZ #222612) use the same upstream source
>   tarball, but different spec files.  My understanding is that this is
>   so that poker-network can be marked as 'noarch', while poker2d will contain
>   arch-specific bits.  As far as I am aware, there are no problems
>   using the same source file for two different spec files, aside from
>   duplication in the resulting srpm.

No, the packages are seperated because they need to use different %configure
options.  The fact that it allows us to make one package noarch is a beneficial
side-effect.

> * Why does the package contain a x509 certificate for 'webmaster@localhost'?
> 

09:38:57       XulChris | dachary: reviewer wants to know: "Why does the package
contain a x509 certificate for 'webmaster@localhost'?"
09:38:57        dachary |  :-)
09:39:12        dachary |  for the SSL conx to the poker server
09:39:46       XulChris | dachary: i dont know anything about x509 certificates,
but what if you dont have a webmaster user name or use "localhost"?
09:40:12        dachary |  it's a self signed certificate
09:40:21        dachary |  the email does not matter much
09:40:33       XulChris | so its nothing i have to generate at build time then?
09:40:41        dachary |  it's a place holder that must be replaced if you're
serious about security
09:40:47        dachary |  no


-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review

[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]