Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=756179 --- Comment #3 from Joe VLcek <JVLcek@xxxxxxxxxx> 2011-11-23 08:50:41 EST --- (In reply to comment #2) > I'll be afk for a while soon, and probably won't be back before 4pm > (10am your time), but here's some initial feedback: > > I noticed that this code uses /tmp/audrey as a "STORAGE_DIR", > > src/config.ru:storage_dir = ENV['STORAGE_DIR'] || '/tmp/audrey' > > described as: > > # Directory where aeolus-configserver stores the instance configrations > > First, that's a typo: s/configrations/configurations/ > > More importantly, I don't see anything that guarantees /tmp/audrey has > been created by us and that it isn't writable by others. > Sounds risky to use a hard-coded name like that. > What if someone else has already created it? Thank you for you feedback Jim. I'll address these issue. I also realized that I had commented out the rake under the %build in the spec while doing some development. I'll fix that too and post a new review. Joe -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review