https://bugzilla.redhat.com/show_bug.cgi?id=2048261 --- Comment #8 from Sandro Mani <manisandro@xxxxxxxxx> --- Can you please elaborate? - The pgadmin4 code (as a webapp) is packaged pretty much in unmodified form identical to upstream - To simplify packaging, rather than going through the huge task of packaging yet another chromium engine (nwjs), I wrote a thin qt5webengine wrapper to act as a browser - Regarding the security issues, I assume you refer to the SECRET_KEY. This was indeed an oversight, I've dropped that hunk in pgadmin4-6.4-5.fc36 Suggestions for moving forward: - If it is unacceptable for upstream to have the qtwebengine wrapper in the pgadmin package, I'm happy to move it to a separate package. - The unmodified upstream code would stay in the pgadmin4 package. The main package can contain a README how to manually run pgadmin4 in an existing browser. Would that be acceptable? Thanks for any constructive feedback. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2048261 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
