Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=770174 --- Comment #9 from Kevin Kofler <kevin@xxxxxxxxxxxxxxxx> 2012-01-01 12:17:06 EST --- > No rpmlint is right to warn, it is not like you can do: > /usr/share/applications/kde4/kde-partitionmanager.desktop > And have it do something, like you can do ie: > /bin/ls > And have it do something, so the file should not be marked executable. If more > kde4 packages are doing this then I say BAD kde4 ! :) No, rpmlint is wrong to warn. For security reasons, KDE requires .desktop files to have the executable bit set in most cases. This prevents e-mails from shipping a .desktop file as an attachment which runs some nasty command, possibly even a self-replicating worm. Now, there's an exception for files in /usr and/or owned by root, so for RPMs, it doesn't actually matter whether the +x bit is set or not, but KDE upstream considers that a backwards compatibility hack, and upstream always installs all .desktop files as executable. (As I understand it, the idea is that they should all be +x, we're just not there yet.) See: * http://mail.gnome.org/archives/desktop-devel-list/2009-February/msg00132.html (which I think didn't end up getting applied though) * http://lists.kde.org/?l=kde-core-devel&m=123532436728689&w=4 * http://lists.kde.org/?l=kde-core-devel&m=128595109525156&w=4 We need to get this rpmlint warning dropped, and IMHO we should also make it a SHOULD or even a MUST in our packaging guidelines to have that +x bit set, and eventually start making desktops drop those compatibility hacks and just require +x on all .desktop files. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review