[PKG-Openstack-devel] Bug#880597: python-oslo.concurrency: Align with Ubuntu
Thomas Goirand
thomas at goirand.fr
Thu Nov 2 21:15:45 UTC 2017
On 11/02/2017 06:40 PM, Corey Bryant wrote:
> Package: python-oslo.concurrency
> Version: 3.21.0-2
> Severity: normal
> Tags: patch
> User: ubuntu-devel at lists.ubuntu.com
> Usertags: origin-ubuntu bionic ubuntu-patch
>
> Dear Maintainer,
>
>
> In Ubuntu, the attached patch was applied to achieve the following:
>
> - d/rules: Run all tests.
> - d/control: Retain Breaks/Replaces.
As I wrote earlier, I don't think even Ubuntu needs that.
> - d/gbp.conf: Retain git-buildpackage config, including use of pristine-tar.
We're not using pristine-tar, and there's no reason to have a gbp.conf
file in each repository. So we've decided to simplify our lives and
completely remove it.
> - d/p/lock-path-tempfile.patch: Cherry picked from upstream to set default
> of lock_file to a tempfile if OSLO_LOCK_PATH isn't set (LP: #1550188).
I'm very concerned about this, and see it as a security problem.
Shouldn't lock files be accessible only by a single user? Normally,
applications access them through /var/lock. Using /tmp is potentially
dangerous (if a user writes a lock file in /tmp that the application
expects to use).
After I wrote the above, I noticed the patch was reverted for the exact
reason I'm describing above:
https://review.openstack.org/#/c/285294/
Your thoughts?
> - d/p/fix-tests-i386.patch: Fix tests that fail on i386 builds.
That's a very smart patch and simple, I'll apply it.
> - d/watch: Use tarballs.openstack.org.
We won't apply that.
Cheers,
Thomas Goirand (zigo)
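
The concern raised in this message, that a lock directory under a world-writable location such as /tmp can be prepared by another user, can be checked for before any lock file is created. The following is an added example, not part of the original message and not code from oslo.concurrency; the helper names `lock_dir_problems` and `get_lock_dir` are hypothetical, and it assumes a POSIX system.

```python
import os
import stat


def lock_dir_problems(path, uid=None):
    """Return the reasons why `path` is unsafe as a per-user lock directory."""
    uid = os.getuid() if uid is None else uid
    try:
        # lstat() so that a symlink planted by another user is seen as such
        st = os.lstat(path)
    except FileNotFoundError:
        return ["does not exist"]
    problems = []
    if stat.S_ISLNK(st.st_mode):
        problems.append("is a symlink")
    elif not stat.S_ISDIR(st.st_mode):
        problems.append("is not a directory")
    if st.st_uid != uid:
        problems.append("owned by uid %d, not %d" % (st.st_uid, uid))
    # A shared directory like /tmp (mode 1777) fails here: any local user
    # can create the lock file name the application expects to use.
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems


def get_lock_dir(environ=os.environ):
    """Hypothetical helper: return a vetted lock directory or raise."""
    path = environ.get("OSLO_LOCK_PATH")
    if not path:
        # No silent fallback to a shared temporary directory
        raise RuntimeError("OSLO_LOCK_PATH is not set")
    problems = lock_dir_problems(path)
    if problems:
        raise RuntimeError("%s: %s" % (path, "; ".join(problems)))
    return path
```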