Bug#466542: RFS: task-spooler
On Fri, 2 Sep 2011 00:39:07 +0400, Alexander Inyukhin <shurick@sectorb.msk.ru> wrote:
> * Package name : task-spooler
> Version : 0.7.0-1~rc1
> Upstream Author : Lluís Batlle i Rossel <viric@vicerveza.homeunix.net>
> * URL : http://vicerveza.homeunix.net/~viric/soft/ts/
> * License : GPLv2+
> Section : misc
Hi Alexander;
Thanks for working on task-spooler. I have used it before and found it
pretty useful.
Some comments
- you miss Gentoo Foundation as copyright holder for the ebuild files
- your version number is odd. If your package is ready for upload
(in your opinion) it should have a version like 0.7.0-1
- I have a vague memory of this being discussed before, but I can't
find the discussion now. As far as I can tell, there are several
ways in which the socket setup could be improved.
- I don't really understand why the permissions on
/tmp/socket-ts.$uid are group and world readable.
- having the socket in world writable location makes ts
vulnerable to a denial of service attack.
wouldn't it be better to put the socket in a mode 0700 directory
e.g. in the users home directory?
David
Reply to: