Re: RFS: task-spooler

To: Alexander Inyukhin <shurick@sectorb.msk.ru>, debian-mentors@lists.debian.org
Cc: 466542@bugs.debian.org
Subject: Re: RFS: task-spooler
From: David Bremner <bremner@unb.ca>
Date: Fri, 02 Sep 2011 21:47:49 -0300
Message-id: <[🔎] 87ippazc22.fsf@zancas.localnet>
In-reply-to: <[🔎] 20110901203907.GA30101@shurick.s2s.msu.ru>
References: <[🔎] 20110901203907.GA30101@shurick.s2s.msu.ru>

On Fri, 2 Sep 2011 00:39:07 +0400, Alexander Inyukhin <shurick@sectorb.msk.ru> wrote:
> * Package name    : task-spooler
>   Version         : 0.7.0-1~rc1
>   Upstream Author : Lluís Batlle i Rossel <viric@vicerveza.homeunix.net>
> * URL             : http://vicerveza.homeunix.net/~viric/soft/ts/
> * License         : GPLv2+
>   Section         : misc

Hi Alexander;

Thanks for working on task-spooler. I have used it before and found it
pretty useful.

Some comments

     - you miss Gentoo Foundation as copyright holder for the ebuild files

     - your version number is odd. If your package is ready for upload
      (in your opinion) it should have a version like 0.7.0-1

     - I have a vague memory of this being discussed before, but I can't
       find the discussion now.  As far as I can tell, there are several
       ways in which the socket setup could be improved.

       - I don't really understand why the permissions on
         /tmp/socket-ts.$uid are group and world readable.

       - having the socket in world writable location makes ts
         vulnerable to a denial of service attack.

       wouldn't it be better to put the socket in a mode 0700 directory
       e.g. in the users home directory?

David

Reply to:

Follow-Ups:
- Re: RFS: task-spooler
  - From: Ansgar Burchardt <ansgar@debian.org>

References:
- RFS: task-spooler
  - From: Alexander Inyukhin <shurick@sectorb.msk.ru>

Prev by Date: Re: RFS: dwm
Next by Date: RFS: openssn
Previous by thread: RFS: task-spooler
Next by thread: Re: RFS: task-spooler
Index(es):
- Date
- Thread