On Mon, Mar 19, 2018 at 8:21 AM, <cheese@xxxxxxxxxxxxxx> wrote: > > > On Mon, 12 Mar 2018, Paul W. Frields wrote: > >> The introduction of non-persistent /run has apparently created an >> issue where some RPM packages raise verification issues depending on >> the umask present when a process from that package starts. The issue >> is further explained in a tracking bug here: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1553916 > > > Can not check that bug, as it is an internal one at least i have no > permission to read that. That's my fault, linked improperly. Ignore it as it's a private bug. It's not useful anyway, the later bug is. >> While arguably not a showstopper for Fedora, it's certainly an >> annoyance to have RPMs not verify post-installation when a packaged >> service is started. This situation's also potentially harmful >> downstream to RHEL. It means that customers who have to go through >> audit processes for STIG[1] compliance will get dinged (even if >> explainable) for this packaging issue. >> >> Note that in the tracking bug above, there's a reference to a specific >> example which was fixed appropriately for resource-agents: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1462802 >> >> Would packaging folks agree that it's worth fixing files not using >> tmpfiles.d (https://fedoraproject.org/wiki/Packaging:Tmpfiles.d) to do >> so? > > > +1 Thanks for input here. -- Paul _______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx
