[Bug 1586295] Review Request: rubygem-bootsnap - Boot large ruby/ rails apps faster


 



https://bugzilla.redhat.com/show_bug.cgi?id=1586295



--- Comment #7 from Pavel Valena <pvalena@xxxxxxxxxx> ---
> I am fine to skip the test failure this time for armv7hl.

I'll file a bug when the component is created.
In the meantime I'll exclude the armv7hl arch, as it does not work at all.

> You can move CODE_OF_CONDUCT.md to %files doc?

Sure, I somehow overlooked it...

> Other things look okay!

I do not think we need to do anything with the `call-to-mktemp` - see below.

Reading the code:
 * On C level [1] - expects atomic access to a file (used for caching only,
reasonable hashing method is used); and
 * On Ruby level [2] - Mutex is used for synchronizing the Threads

Furthermore, reading CAPEC[3], as suggested by rpmlint, none of the Attack
Prerequisites are met AFAICT.
This gem is also heavily used and developed at Shopify (and now enabled by
default in any Rails app). Concluding that any security concerns one might have
have been very probably already investigated.

[1]
https://github.com/Shopify/bootsnap/blob/684acfd9b8c1298a026dd6b9c2ffeb173d11e949/ext/bootsnap/bootsnap.c#L466
[2]
https://github.com/Shopify/bootsnap/blob/684acfd9b8c1298a026dd6b9c2ffeb173d11e949/lib/bootsnap/load_path_cache/cache.rb#L11
[3] http://capec.mitre.org/data/definitions/29.html

Additionally, I've commented out any $CFLAGS modification in `extconf.rb` file
to use the default Fedora ones.

I've updated the links again, Scratch-build:
  https://koji.fedoraproject.org/koji/taskinfo?taskID=27490538

Thanks for the review!

List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx/message/E4GUMXFHL4SGC3MXAOBYVU2WUTJOJBTN/
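
The pattern the comment above reasons about, as an added example (not bootsnap's code and not part of the original message): a cache file is written under a freshly created temporary name and published with rename(), and the exclusive create is what closes the check-then-use window that CAPEC-29 describes. The function names, the `.tmp.XXXXXX` suffix and the symlink target are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: write data to a fresh temp file beside `path`, then
 * publish it with rename(). Returns 0 on success, -1 with errno set. */
int atomic_write(const char *path, const void *data, size_t len)
{
    char tmp[4096];
    const char *p = data;
    int n = snprintf(tmp, sizeof tmp, "%s.tmp.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmp) { errno = ENAMETOOLONG; return -1; }
    /* mkstemp() picks the name and creates the file in one step
     * (O_CREAT|O_EXCL, mode 0600), so nobody can plant the name in between. */
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t w = write(fd, p, len);
        if (w < 0 && errno == EINTR) continue;
        if (w < 0) goto fail;
        p += w;
        len -= (size_t)w;
    }
    if (fsync(fd) != 0) goto fail;
    if (rename(tmp, path) != 0) goto fail;  /* readers see old or new, never partial */
    close(fd);
    return 0;
fail:
    n = errno;            /* keep the original error across cleanup */
    close(fd);
    unlink(tmp);
    errno = n;
    return -1;
}

/* Returns 1 if an O_EXCL create is refused for a name that already exists as a
 * (dangling) symlink, 0 if it was not refused, -1 if the setup failed. */
int exclusive_create_refuses_symlink(const char *link_path)
{
    if (symlink("/nonexistent/constructed-target", link_path) != 0) return -1;
    int fd = open(link_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    unlink(link_path);
    return refused;
}
```

A name generated by `mktemp` is only safe when the following open uses `O_CREAT | O_EXCL` as in the second function; without `O_EXCL` the open would follow a pre-planted symlink.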



