#2268 F32 System-Wide Change: Annobin Used By Bodhi
Closed: Rejected 3 years ago by zbyszek. Opened 3 years ago by bcotton.

Use the annocheck program from the annobin package to produce an analysis of the security hardening of a compiled package when reviewing a Bodhi update.

Technically, I'm +1 to the change but not with such proposal. It should be properly handled with Fedora CI (whatever that means), be in "dry-run" mode for a few weeks/months and only after that I'm ready to vote on enabling it on the all changes.

To @churchyard link, the problem with rpmbuild that brp-scripts are not that powerful. There needs to be some automatic BuildRequires generator for brp scripts and automated run of them, not asking people to do that manually. I thought about this, but haven't came up with the proposal: https://github.com/rpm-software-management/rpm/issues/308.

Anyway, this discussion is pretty pointless in the FESCo ticket and Fedora CI folks (@pingou?) should be involved in this.

-1 to this Change Proposal at this point.

-1 to the change, for the same reasons as @ignatenkobrain

It's disappointing that there have been exactly zero messages from the change owner on the mailing list. The proposal was clearly an interesting idea that had support from various people, but it was also clear that the check was attached in the wrong place. Various alternatives were floated, but without dialogue from the change owner, there is no choice but to reject.


After 7 days, this is at +0,0,-5 - according to out ticketing policy, tagging with meeting, however arguably it is on it's way to be rejected.

Metadata Update from @churchyard:
- Issue tagged with: meeting

3 years ago

See also


@dcantrel is working on adding annocheck features to rpminspect, and rpminspect is alreay available as a system-wide test in Fedora Rawhide gating (with some messaging issues which we are still figuring out)

Given the above, I am -1 on the current proposal, but not the idea, and there is a work in progress to make it happen but in a different form

This was discussed in today's FESCo meeting:
agreed REJECTED (0, 0, -6).
info Change Owners are encouraged to resubmit after taking feedback into account.

Metadata Update from @zbyszek:
- Issue close_status updated to: Rejected
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata Update from @zbyszek:
- Issue untagged with: meeting

3 years ago

Metadata Update from @zbyszek:
- Issue tagged with: F32

3 years ago

Metadata Update from @bcotton:
- Issue untagged with: F32
- Issue set to the milestone: Fedora 32
- Issue tagged with: system wide change

2 years ago

Login to comment on this ticket.