[Bug 2244318] Review Request: ssh-audit - a SSH server & client security auditing tool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



https://bugzilla.redhat.com/show_bug.cgi?id=2244318



--- Comment #2 from Neil Hanlon <neil@xxxxxxxx> ---
Thank you for the review!

I've made quite a few changes to the spec, as well as renamed it to just
`ssh-audit` to conform with the current naming policies for python "binaries",
as this is not supposed to be used as a library, necessarily.

Regarding your comments:

> a) Koji build: https://koji.fedoraproject.org/koji/taskinfo?taskID=107583245
Great, thank you.

> b) Can any of the tests be run?

I tried for a bit to get the tox tests to run against python3.12, but my
knowledge is slightly lacking here. The %tox macro completes, but doesn't
appear to have spent enough time to have actually run the test suite. Any
advice here would be appreciated. I did run tox manually inside a rawhide
container substituting 3.12 for 3.11, and the tests do appear to pass. I think
there is something going on with the tox macro I don't quite understand.

> c) If not tests or only a minimal set of tests can be run, for example due
to network use or missing dependencies, can %py3_check_import macro  be
added to the %check section

Since tox doesn't appear to be doing what I think it should, I've added this
into the check section as well.

> d) Can the newer packaging macros be used, see:
> https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/

Yep - Migrated over to them. I thought something was off about the spec...

> e) Upstream publishes signatures:
> https://github.com/jtesta/ssh-audit/releases/tag/v3.0.0
> May want to use these, though getting source from pypi is also fine

Noted, and added %gpgverify to the spec. As a note, I was not able to find the
pubkey anywhere except in the Github Releases for a version, it would be best I
think to have it somewhere else, though it matters little once it is initially
imported. Still, I will open a ticket with the upstream to discuss that.


New specs:

Spec URL: https://neil.fedorapeople.org/for-review/ssh-audit.spec
SRPM URL:
https://neil.fedorapeople.org/for-review/ssh-audit-3.0.0-1.fc40.src.rpm


-- 
You are receiving this mail because:
You are always notified about changes to this product and component
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2244318

Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-spam&short_desc=Report%20of%20Bug%202244318%23c2
_______________________________________________
package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite Conditions]     [KDE Users]

  Powered by Linux