https://bugzilla.redhat.com/show_bug.cgi?id=1917128 --- Comment #10 from Vasiliy Glazov <vascom2@xxxxxxxxx> --- 1. LGPG license name must be LGPLv2 instead of LGPLv2.1 2. rpmlint errors efitools.x86_64: E: call-to-mktemp /usr/bin/efi-readvar efitools.x86_64: E: call-to-mktemp /usr/bin/efi-updatevar should be reported to upstream. $ rpmlint -I call-to-mktemp call-to-mktemp: This executable calls mktemp. As advised by the manpage (mktemp(3)), this function should be avoided. Some implementations are deeply insecure, and there is a race condition between the time of check and time of use (TOCTOU). See http://capec.mitre.org/data/definitions/29.html for details, and contact upstream to have this issue fixed. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
