event-driven-servers-1.0-alt7.x86_64	arch-dep-package-has-big-usr-share	info	The package has a significant amount of architecture-independent data in /usr/share, while it is an architecture-dependent package. This is wasteful of mirror space and bandwidth, as we then end up with multiple copies of this data, one for each architecture. If the data in /usr/share is not architecture-independent, it is a policy violation, and in this case, you should move that data elsewhere.; 
event-driven-servers-1.0-alt7.x86_64	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /etc/mavis/sample/tac_plus-ng.cfg: $ grep /tmp/ /etc/mavis/sample/tac_plus-ng.cfg id = tac_plus-ng { #debug = PACKET AUTHEN AUTHOR log mysyslog log accesslog { destination = /tmp/access.log } log authorlog { destination = /tmp/author.log } log authorlog2 { destination = ">/tmp/author2.log" } access log = mysyslog access log = accesslog authorization log = authorlog accounting log = mysyslog } } } # mavis module = tacinfo_cache { # directory = /tmp/tacinfo0 # } mavis module = groups { resolve gids = yes resolve gids attribute = TACMEMBER; 
tac_plus-ng-1.0-alt7.x86_64	systemd-but-no-native-init	experimental	The package have native systemd file(s) but no  SysV init scripts.