https://bugzilla.redhat.com/show_bug.cgi?id=225660

Lubomir Rintel <lkund...@v3.sk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lkund...@v3.sk

--- Comment #2 from Lubomir Rintel <lkund...@v3.sk> 2009-01-18 16:45:00 EDT ---
(In reply to comment #1)
> - license seems to be GPLv2+. A lot of files are GPL+, some are GPLv2+, some
> have no license at all. A cleanup of those would be nice

Certain files (xen_hyper*) use GPLv2 (only), spot already fixed this in CVS.

> Other problems (fixed)

There are yet more:

- You use "Revision" tag to mark upstream release, which is wrong. It is meant
  to be used to version the SPEC file. Given you (package owner, "crash" group)
  seem to be upstream, you can definitely fix this by changing the versioning
  scheme (e.g. use 4.0.8 instead of 4.0-8).

- The bundled gdb is old and has issues. It is likely that some of the older
  GDB security problems affect it:

  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1704
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1705
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4146

  Please address those, if they are relevant. Notify your SRT that you bundle
  GDB code and communicate with GDB upstream (or people involved in Archer,
  your colleagues) to avoid having to bundle GDB in the longer run.