Use the annocheck program from the annobin package to produce an analysis of the security hardening of a compiled package when reviewing a Bodhi update.
-1 based on what was said in the devel thread.
namely https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/E7G7J6SYDEOJCCJU5455IAMGESTHTLTN/
Technically, I'm +1 to the change but not with such a proposal. It should be properly handled with Fedora CI (whatever that means), be in "dry-run" mode for a few weeks/months and only after that I'm ready to vote on enabling it on all changes.
To @churchyard's link, the problem with rpmbuild is that brp-scripts are not that powerful. There needs to be some automatic BuildRequires generator for brp scripts and automated run of them, not asking people to do that manually. I thought about this, but haven't come up with the proposal: https://github.com/rpm-software-management/rpm/issues/308.
Anyway, this discussion is pretty pointless in the FESCo ticket and Fedora CI folks (@pingou?) should be involved in this.
-1 to this Change Proposal at this point.
-1 to the change, for the same reasons as @ignatenkobrain
It's disappointing that there have been exactly zero messages from the change owner on the mailing list. The proposal was clearly an interesting idea that had support from various people, but it was also clear that the check was attached in the wrong place. Various alternatives were floated, but without dialogue from the change owner, there is no choice but to reject.
-1
-1 as well
After 7 days, this is at +0,0,-5 - according to our ticketing policy, tagging with meeting, however arguably it is on its way to be rejected.
Metadata Update from @churchyard: - Issue tagged with: meeting
See also
https://lists.fedoraproject.org/archives/list/ci@lists.fedoraproject.org/thread/7IOZLJQYB3WJ2GLHRHN5V7F3BNACNKNR/
@dcantrel is working on adding annocheck features to rpminspect, and rpminspect is already available as a system-wide test in Fedora Rawhide gating (with some messaging issues which we are still figuring out)
Given the above, I am -1 on the current proposal, but not the idea, and there is a work in progress to make it happen but in a different form
This was discussed in today's FESCo meeting: agreed REJECTED (0, 0, -6). info Change Owners are encouraged to resubmit after taking feedback into account.
Metadata Update from @zbyszek: - Issue close_status updated to: Rejected - Issue status updated to: Closed (was: Open)
Metadata Update from @zbyszek: - Issue untagged with: meeting
Metadata Update from @zbyszek: - Issue tagged with: F32
Metadata Update from @bcotton: - Issue untagged with: F32 - Issue set to the milestone: Fedora 32 - Issue tagged with: system wide change