Summary: Review Request: poker-network - A poker server, client and abstract user interface library
Alias: poker-network

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219972

------- Additional Comments From wart@xxxxxxxxxx 2007-01-24 18:29 EST -------
(In reply to comment #53)
> > MUSTFIX
> > * Create a 'poker' user for running the server for better security
>
> I used user "games" instead.

Better to use a custom user account and not the overloaded 'games' account. This helps prevent a security breach from one game using the 'games' account from compromising other games using the 'games' account. This will require using 'useradd' in the %pre scriptlet.

> > * Add selinux policies to poker-server for better security
>
> Need help from you on this.

I'm working on it...

> > * Use double quotes around the sed regsub pattern to avoid potential
> >   problems if %{python_sitelib} were to ever contain a space.
>
> There already are double quotes around this path in the init file.

But the sed command itself would fail if %{python_sitelib} contained a space, unless you surround the regsub pattern with double-quotes.

> > NOTES and Questions
> > ===================
> > * Why does the package contain a x509 certificate for 'webmaster@localhost'?
> >
>
> 09:38:57 XulChris | dachary: reviewer wants to know: "Why does the package
> contain a x509 certificate for 'webmaster@localhost'?"
> 09:38:57 dachary | :-)
> 09:39:12 dachary | for the SSL conx to the poker server
> 09:39:46 XulChris | dachary: i dont know anything about x509 certificates,
> but what if you dont have a webmaster user name or use "localhost"?
> 09:40:12 dachary | it's a self signed certificate
> 09:40:21 dachary | the email does not matter much
> 09:40:33 XulChris | so its nothing i have to generate at build time then?
> 09:40:41 dachary | it's a place holder that must be replaced if you're
> serious about security
> 09:40:47 dachary | no

I suspected it was something like this. poker-server admins should be aware that using the default x509 cert provides no security at all, since everyone has access to the certificate's private key. Please document this in README.Fedora.
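
The check implied by the last point, an admin verifying that the packaged placeholder certificate has actually been replaced, as an added example that is not part of the review or of poker-network: it compares DER SHA-256 fingerprints, so a re-saved copy of the placeholder is still caught. The function names, the two file arguments and the sample PEM data are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import ssl
import sys

_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text):
    """SHA-256 hex digests of the DER bytes of every certificate in pem_text."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in _CERT_RE.findall(pem_text)]


def uses_packaged_placeholder(deployed_pem, packaged_pem):
    """True if any deployed certificate is one that shipped in the package."""
    shipped = set(cert_fingerprints(packaged_pem))
    deployed = cert_fingerprints(deployed_pem)
    if not shipped or not deployed:
        raise ValueError("no PEM certificate found in one of the inputs")
    return any(fp in shipped for fp in deployed)


# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
PACKAGED = ssl.DER_cert_to_PEM_cert(b"constructed placeholder cert bytes " * 4)
REPLACED = ssl.DER_cert_to_PEM_cert(b"constructed site-specific cert bytes " * 4)
# The placeholder again, re-saved with CRLF line endings and a leading comment:
# a byte-for-byte file comparison would call it "changed", the DER digest does not.
REWRAPPED = "# copied from package\r\n" + PACKAGED.replace("\n", "\r\n")

if __name__ == "__main__":
    # Usage: script DEPLOYED.pem PACKAGED.pem (both paths supplied by the admin).
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as d, open(sys.argv[2]) as p:
            bad = uses_packaged_placeholder(d.read(), p.read())
    else:
        bad = uses_packaged_placeholder(REWRAPPED, PACKAGED)  # constructed demo
    print("PLACEHOLDER CERT IN USE: replace key and certificate" if bad
          else "certificate differs from the packaged placeholder")
    sys.exit(1 if bad else 0)
```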