Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Review Request: autodownloader - GUI-tool to automate the download of certain files https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238366 ------- Additional Comments From j.w.r.degoede@xxxxxx 2007-04-30 10:44 EST ------- (In reply to comment #4) > Okay, happy to review. > > (In reply to comment #3) > > The 3rd paragraph is there to make it clear / emphasize that although > > autodownloader is mean't to download files which we cannot distribute, that > > autodownloader itself is 100% OSS. > Autodownloader would have to be OSS to make it into Fedora, if you want to make > it clear, I'd perfer something to the effect of: > "NOTE: Autodownloader while open source may download files which are not > permitted to be distributed in Fedora" Okay, I'll change it into the above. > > The order of the 1st and 2nd paragraph is like this, because I think the > proper > > order to describe the use is first describing why and then how. The how only > > makes little sense without first knowing the why. > I think what it is, is more important than why you want to use it, why you want > to use it, is what a developer or another packager would want to know, and they > most likely have had a tip off from another maintainer that the package is > useful for what they wish to do > > The reason you have what it is first, is so users can decide if they really > want to have it on their system without been bored to death first. > Well the second paragraph is hard to understand for someone not into the matter without first reading the first, it can be reworded to not depend on the first, but that won't make things clearer IMHO, also I think its important to have the first paragraph there, to make it clear how this is different from yum / a wget gui. > Also, I'm tempted to suggest that before inclusion, a database of downloaded > files may need to be created, (also meaning that programs that have downloaded > files, should ALWAYS require autodownloader) with a %preun to remove downloaded > files (remembering that you wouldn't be able to remove autodownloader without > removing dependencies that require the files first). This prevents > unneeded/unwanted files been left behind after uninstall. > Interesting point, but autodownloader is not suid anything, and thus cannnot write to such a global log file. It was designed to run as a normal user and download files to dirs under the users $HOME. Yes this has a few downsides, but from a security POV, this really is the best solution IMHO. We might need to take another look at this (adding a suid helper written in C) which can install files under /usr if autodownloader becomes popular and is used to download big(ger) files. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug, or are watching the QA contact. _______________________________________________ Fedora-package-review mailing list Fedora-package-review@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-package-review