https://bugzilla.redhat.com/show_bug.cgi?id=977646 --- Comment #3 from Marcin.Dulak@xxxxxxxxx --- (In reply to Christopher Meng from comment #2) > 1) These 3 pm files are scripts, is it ok to put them under /etc? are they actually used, or only provided as examples of hooks? If they are just examples then let's store them under docs, e.g: %doc hooks and we don't need to change hooksdir=/etc/mylvmbackup/hooks in /etc/mylvmbackup.conf If they are necessary for mylvmbackup then it's OK to have such files under /etc (there are already several executables there: find /etc -perm 755 -type f), my suggestion is as in comment #1 > > 2) /etc/mylvmbackup.conf has permision 0600L because it contains the MySQL > root user's password. I don't think we want to expose that to any user on > the system. > > 3) I will pull in mariadb-server instead of -libs because this is a script > for backup, not just need a file. In order to backup database we need to > have a running databases. OK, mariadb-server pulls mariadb-libs as dependency What about EL6: mysql-server? I guess having mylvmbackup in EPEL is more interesting than Fedora. > > I know the problem, and I think upstream should create a new feature that > reading such information from a file instead of script itself, right? There is a "--password=string" option to mylvmbackup, but that just moves sensitive data to a script that calls it, instead of having it in /etc/mylvmbackup.conf Encryption would be desirable here. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ehMpfXjKDu&a=cc_unsubscribe _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review