On Fri, Sep 02, 2011 at 09:47:49PM -0300, David Bremner wrote: > On Fri, 2 Sep 2011 00:39:07 +0400, Alexander Inyukhin > <shur...@sectorb.msk.ru> wrote: > > * Package name : task-spooler > > Version : 0.7.0-1~rc1 > > Upstream Author : Lluís Batlle i Rossel <vi...@vicerveza.homeunix.net> > > * URL : http://vicerveza.homeunix.net/~viric/soft/ts/ > > * License : GPLv2+ > > Section : misc > > Hi Alexander;
Hi David, thanks for your comments. I hope all these issues are solved in the latest release of the package. > Thanks for working on task-spooler. I have used it before and found it > pretty useful. > > Some comments > > - you miss Gentoo Foundation as copyright holder for the ebuild files > > - your version number is odd. If your package is ready for upload > (in your opinion) it should have a version like 0.7.0-1 > > - I have a vague memory of this being discussed before, but I can't > find the discussion now. As far as I can tell, there are several > ways in which the socket setup could be improved. > > - I don't really understand why the permissions on > /tmp/socket-ts.$uid are group and world readable. > > - having the socket in world writable location makes ts > vulnerable to a denial of service attack. > > wouldn't it be better to put the socket in a mode 0700 directory > e.g. in the users home directory? -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111011184021.ga2...@shurick.s2s.msu.ru
