Bug 748446 - Review Request: crudminer - Find known-vulnerable software in a web root
Summary: Review Request: crudminer - Find known-vulnerable software in a web root
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: Package Review
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Brett Lentz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-10-24 13:41 UTC by Konstantin Ryabitsev
Modified: 2011-11-23 00:59 UTC (History)
4 users (show)

Fixed In Version: crudminer-0.3.2-2.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-10-26 18:31:45 UTC
Type: ---
Embargoed:
brett.lentz: fedora-review+
gwync: fedora-cvs+


Attachments (Terms of Use)

Description Konstantin Ryabitsev 2011-10-24 13:41:05 UTC
Spec URL: http://fedorapeople.org/~icon/f/crudminer.spec
SRPM URL: http://fedorapeople.org/~icon/f/crudminer-0.3.2-1.fc15.src.rpm
Description:
Locate known-vulnerable software in a web root by comparing the installed files
against a list of known-vulnerable products.

Comment 1 Konstantin Ryabitsev 2011-10-26 13:42:16 UTC
To test, run "crudminer /usr/share/doc/crudminer-*/tests".

Comment 2 Brett Lentz 2011-10-26 15:13:24 UTC
$ rpmlint crudminer.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.

$ rpm -ivvv ~/rpmbuild/RPMS/noarch/crudminer-0.3.2-1.fc16.noarch.rpm 
D: ========== Directories not explicitly included in package:
D:          0 /etc/
D:          2 /usr/bin/
D:          3 /usr/share/doc/
D:         98 /usr/share/man/man5/
D:         99 /var/lib/



Other comments:

Summary:    Find known-vulnerable software in a web root

"known-vulnerable" isn't really a compound word. You can drop the hyphen. 

The phrase "web root" isn't something I'm familiar with. Is there a better way to describe what you mean by this phrase?


%description
Locate known-vulnerable software in a web root by comparing the installed files
against a list of known-vulnerable products.


The use of known-vulnerable twice is a bit redundant. I'd consider revising it.

Comment 3 Brett Lentz 2011-10-26 15:23:07 UTC
In %install and %clean you have both $RPM_BUILD_ROOT and %{buildroot}. Please pick one, and use it consistently throughout the spec.

See also: http://fedoraproject.org/wiki/Packaging/Guidelines#Using_.25.7Bbuildroot.7D_and_.25.7Boptflags.7D_vs_.24RPM_BUILD_ROOT_and_.24RPM_OPT_FLAGS

Comment 4 Brett Lentz 2011-10-26 15:27:08 UTC
Just to be clear. 

Comment #2 is minor quibbles, not required to fix. Just things to consider for future builds.

Comment #3 is the only thing that needs to be fixed before the package can be approved.

Comment 5 Konstantin Ryabitsev 2011-10-26 15:46:06 UTC
Thank you.

Updated spec file and .src.rpm:
http://fedorapeople.org/~icon/f/crudminer.spec
http://fedorapeople.org/~icon/f/crudminer-0.3.2-2.fc15.src.rpm

Comment 6 Brett Lentz 2011-10-26 16:03:58 UTC
Looks good to me. Approved.

Comment 7 Konstantin Ryabitsev 2011-10-26 16:10:47 UTC
Thanks, Brett!

New Package SCM Request
=======================
Package Name: crudminer
Short Description: Find and report insecure web software in a web root
Owners: icon
Branches: f15 f16 el4 el5 el6
InitialCC:

Comment 8 Gwyn Ciesla 2011-10-26 16:21:25 UTC
Git done (by process-git-requests).

Comment 9 Konstantin Ryabitsev 2011-10-26 18:31:45 UTC
Thanks, all.

Comment 10 Fedora Update System 2011-10-26 18:39:44 UTC
crudminer-0.3.2-2.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/crudminer-0.3.2-2.fc15

Comment 11 Fedora Update System 2011-10-26 18:39:52 UTC
crudminer-0.3.2-3.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/crudminer-0.3.2-3.el5

Comment 12 Fedora Update System 2011-10-26 18:40:01 UTC
crudminer-0.3.2-2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/crudminer-0.3.2-2.fc16

Comment 13 Fedora Update System 2011-10-26 18:40:09 UTC
crudminer-0.3.2-2.el4 has been submitted as an update for Fedora EPEL 4.
https://admin.fedoraproject.org/updates/crudminer-0.3.2-2.el4

Comment 14 Fedora Update System 2011-10-26 18:40:18 UTC
crudminer-0.3.2-2.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/crudminer-0.3.2-2.el6

Comment 15 Fedora Update System 2011-11-22 21:28:58 UTC
crudminer-0.3.2-2.el4 has been pushed to the Fedora EPEL 4 stable repository.

Comment 16 Fedora Update System 2011-11-22 21:29:06 UTC
crudminer-0.3.2-2.el6 has been pushed to the Fedora EPEL 6 stable repository.

Comment 17 Fedora Update System 2011-11-22 21:29:22 UTC
crudminer-0.3.2-3.el5 has been pushed to the Fedora EPEL 5 stable repository.

Comment 18 Fedora Update System 2011-11-23 00:54:52 UTC
crudminer-0.3.2-2.fc15 has been pushed to the Fedora 15 stable repository.

Comment 19 Fedora Update System 2011-11-23 00:59:02 UTC
crudminer-0.3.2-2.fc16 has been pushed to the Fedora 16 stable repository.


Note You need to log in before you can comment on or make changes to this bug.