| |
packager |
rpm id |
test |
status |
message |
 |
vseleznv |
diod-1.0.24.0.53.git0d87511-alt2.x86_64 |
init-lsb |
warn |
/etc/rc.d/init.d/diod: lsb init header missing. See http://www.altlinux.org/Services_Policy for details. |
 |
vseleznv |
lua5.4-module-luasocket-3.1.0-alt2_lr1.x86_64 |
unsafe-tmp-usage-in-scripts |
fail |
The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/luarocks/rocks-5.4/luasocket/3.1.0-1/test/cgi/cat: $ grep /tmp/ /usr/lib/luarocks/rocks-5.4/luasocket/3.1.0-1/test/cgi/cat #!/bin/sh echo Content-type: text/plain echo cat > /tmp/luasocket.cat.tmp cat /tmp/luasocket.cat.tmp |
 |
vseleznv |
tcl-devel-8.6.13-alt1.x86_64 |
arch-dep-package-has-big-usr-share |
info |
The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere. |
|
vseleznv |
urxvt-resize-font-2016.04.27.0-alt1.x86_64 |
missing-url |
info |
Missing Url: in a package. |