#206 lint runs untrusted rpmlint config code without confirmation
Opened 7 years ago by tibbs. Modified 5 years ago

So fedpkg lint will by default call rpmlint -f .rpmlint, which sounds nice, but rpmlint config files are executable Python.

ἐπιθυμία:~/work/my-packages/amanda/❯ ls -l /tmp/hacked
ls: cannot access '/tmp/hacked': No such file or directory

ἐπιθυμία:~/work/my-packages/amanda/❯ fedpkg lint
No srpm found
No rpm found
0 packages and 1 specfiles checked; 0 errors, 0 warnings.

ἐπιθυμία:~/work/my-packages/amanda/❯ ls -l /tmp/hacked
-rw-rw----. 1 tibbs tibbs 0 Mar  2 11:51 /tmp/hacked

ἐπιθυμία:~/work/my-packages/amanda/❯ rpm -qi pyrpkg
Name        : pyrpkg
Version     : 1.49
Release     : 1.fc25

The file used by default really, really should not be hidden. And even then, running that code is inadvisable without some kind of confirmation. I know that fedpkg local and probably even mockbuild aren't actually safe, but it still seems unwise to act by default on a file that is both untrusted and hidden.


The file used by default really, really should not be hidden.

What file?

@cqi: Unless the -f option is used, rpkg uses the .rpmlint file in the repository.

I'm not sure there is much else we can do other than rename the file so that it's at least visible. A log message could also be printed about what file is used.

Since rpkg-1.53, the default rpmlint configuration file is <module_name>.rpmlintrc. If .rpmlint is still being used, a message will be output telling the user to use the new filename. This should be a step forward for this issue. @tibbs If you think the new change is an acceptable solution for this issue, shall we close this issue?

So I noticed that F27 has a sufficiently new rpkg and tried it out.

It's certainly better that it complains in preparation for the actual deprecation, but I wouldn't think that anything is fixed until the actual deprecation happens and nothing looks at .rpmlint at all. But I don't know what your plans for the deprecation are, and whether you want to keep a ticket open as a reminder. That's up to you.

This issue has been unresolved for more than a year, and is going to be closed within a week if no further action is taken. If you feel this is in error, please contact me.
This is a cleaning process suggested by Jay Greguske. A copy of this ticket was already closed in the JIRA tracker.

Well, I mean, it's still a security issue. If those just go away because they're old then I guess the security job has gotten much easier.

rpmlint has supposedly grown some form of non-executable configuration support. I don't know how that works yet or if it exists in a released version. If that's the case then all that would remain is to ensure that fedpkg lint will never use the old executable format. That deserves more investigation.
