[Bug 1756582] Review Request: sshguard - Protect hosts from brute-force attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1756582



--- Comment #5 from Michal Schorm <mschorm@xxxxxxxxxx> ---
2.5)
Personally, I see as the most important having an usefull error message on a
expected and easy-to-find place.
The program provides such message, so I'm absolutelly fine with that.
I primarly wanted to find out if that's expected.

4)
> Should I open a new review request for each and link to them from here?
If you would pack them to Fedora, definitelly yes - it needs a standard new
package review.


I took a look at the libraries.
I grepped SPECfiles of all of the pcakges in Rawhide; tarball of just those
SPECs can be found here:
http://src.fedoraproject.org/repo/rpm-specs-latest.tar.xz (Mentioning just in
case you'd find it handy later in your packager life)


The 'fnv' library is packed in Fedora only as a rust version, which won't help
us much.
  https://src.fedoraproject.org/rpms/rust-fnv
However ... as I'm strolling through the author's pages
(http://www.isthe.com/chongo/tech/comp/fnv/#FNV-reference-source), I see the
latest version:
  fnv-5.0.3.tar.gz  [updated: 2012 May 20]
so it's not upated much often :)

In this case, I'd be fine with bundling it; even though it's a MUST to properly
mark it as bundled in the SPEC. With a short justification.


There is another package which bundles the 'simclist' library:
 
https://src.fedoraproject.org/rpms/pcsc-lite-acsccid/blob/master/f/pcsc-lite-acsccid.spec#_22
It's not clear from the SPEC, but in its pcakage review, the reason is stated
as purpose not strong enough to pack it as a standalone package.
UPDATE:
* I've contacted it't maintainer and ve uncovered, there's were more packages
which were missing the mention of the bundling.

Since the 'simclist' is not updated from 2010, I'm fine to bundle it too.
  http://mij.oltrelinux.com/devel/simclist/#downloadinstall
  http://mij.oltrelinux.com/devel/simclist/simclist-1.5-changes.txt
This should be reconsidered once more packages that would require it would
appear.

UPDATE:
* The latest upstream version is 1.5, however there are project on the internet
(and in Fedora and Debian too), which has version 1.6, that appeared ...
somewhere.
  Hopefully as a typo, but it may be worth deeper investigation and eventually
need to ask upstream to release a bumped version to keep the sync.

--

Mark the bundles correctly for both packages.
After that I'll re-do the review. But it looks promising now :)

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux