[Bug 1756582] Review Request: sshguard - Protect hosts from brute-force attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=1756582

Michal Schorm <mschorm@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|fedora-review?              |fedora-review+



--- Comment #14 from Michal Schorm <mschorm@xxxxxxxxxx> ---
In Fedora, we have a "minimal buildroot". Set of packages that are always
present for any build.
Currectly, it consist of ~150 packages and you can check them e.g. in mock,
when you init a rawhide environment, then you shell inside and run "rpm -qa".

I'm, however, not aware of any "minimal root".
You can install your package alone, by e.g. "dnf install --releasever="30"
--installroot="/tmp/empty_test_area/" sshguard-2.4.0-10.fc32.x86_64.rpm".
It will pull in tree of the dependencies you specified, but I wouldn't trust
that all of the runtime dependecies your package need will be magically pulled
in.

Let's say: 'mkfs' a very usefull and standard utility. If you'd depend on the
feeling, all mkfs binaries are from the same package, you'd be mistaken.
Just run "rpm -qf /usr/sbin/mkfs*" to see yourself.

Last real-world example, why knowing your dependencies pays off:
Time to time, your dependency tree changes, as the packages you depend on
develop or dies.
Suddenly, your package stops building. Searching for why uncover, that your
dependency used zlib. You used it also for your package.
But because you haven't specified it as a buildrequires, and the package you
depend on changed in a way it doesn't need zlib anymore, it won't successfuly
build anymore.

---

I like how the package looks now.
I'm granting you the "fedora-review +".

I also believe, you are worthy of the packager status, but since I'm not a
Sponsor, I can't grant it to you.
Yoou need to find a sponsor.



If you'd have any questions, feel free to ask me.
Also I recommend Fedora IRC channels and mailing lists, where you can find
help, answers, guidance and explanations.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
You are always notified about changes to this product and component
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux