[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#466542: RFS: task-spooler

On Fri, Sep 02, 2011 at 09:47:49PM -0300, David Bremner wrote:
> On Fri, 2 Sep 2011 00:39:07 +0400, Alexander Inyukhin <shurick@sectorb.msk.ru> wrote:
> > * Package name    : task-spooler
> >   Version         : 0.7.0-1~rc1
> >   Upstream Author : Lluís Batlle i Rossel <viric@vicerveza.homeunix.net>
> > * URL             : http://vicerveza.homeunix.net/~viric/soft/ts/
> > * License         : GPLv2+
> >   Section         : misc
> 
> Hi Alexander;

Hi David,

thanks for your comments.
I hope all these issues are solved in the latest release of the package.

> Thanks for working on task-spooler. I have used it before and found it
> pretty useful.
> 
> Some comments
> 
>      - you miss Gentoo Foundation as copyright holder for the ebuild files
> 
>      - your version number is odd. If your package is ready for upload
>       (in your opinion) it should have a version like 0.7.0-1
> 
>      - I have a vague memory of this being discussed before, but I can't
>        find the discussion now.  As far as I can tell, there are several
>        ways in which the socket setup could be improved.
> 
>        - I don't really understand why the permissions on
>          /tmp/socket-ts.$uid are group and world readable.
> 
>        - having the socket in world writable location makes ts
>          vulnerable to a denial of service attack.
> 
>        wouldn't it be better to put the socket in a mode 0700 directory
>        e.g. in the users home directory?
Reply to: