-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note that is not just a fc? vs fc23 issue; just for example:
1) Which RPMFusion packages use %license? (http://fedoraproject.org/wiki/Packaging:LicensingGuidelines#License_Text) $ repoquery -f /usr/share/licenses/* --disablerepo=fedora,updates - --enablerepo=rpmfusion-free-updates-testing or $ repoquery -f /usr/share/licenses/* --disablerepo=fedora,updates - --enablerepo=rpmfusion-free And which ones push a COPYING in a bad directory? $ repoquery -f /usr/share/doc/*/COPYING* --disablerepo=fedora,updates - --enablerepo=rpmfusion-free 2) Which RPMFusion packages are **rebuilt** by including hardening flags? (http://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags https://fedoraproject.org/wiki/Changes/Harden_All_Packages) Just for example I chosen that most famous: $ rpm -qa ffmpeg ffmpeg-2.8.3-1.fc23.x86_64 (Good! It has been rebuilt for F23) $ rpm -q --list ffmpeg | grep bin /usr/bin/ffmpeg /usr/bin/ffplay /usr/bin/ffprobe /usr/bin/ffserver /usr/bin/qt-faststart # checksec --file /usr/bin/ffmpeg Ops! 'Partial RELRO' and 'No PIE' warnings $ rpm -qa ffmpeg-compat ffmpeg-compat-0.6.7-9.fc23.x86_64 (Ops! Still fc22 but okay, it's working) $ rpm -q --list ffmpeg | grep COPYING /usr/share/doc/ffmpeg/COPYING.GPLv2 /usr/share/doc/ffmpeg/COPYING.GPLv3 /usr/share/doc/ffmpeg/COPYING.LGPLv2.1 /usr/share/doc/ffmpeg/COPYING.LGPLv3 (Ops! Packaging rules violation) $ rpm -q --list ffmpeg-compat | grep lib /usr/lib64/libavcodec.so.52 /usr/lib64/libavcodec.so.52.72.2 /usr/lib64/libavdevice.so.52 /usr/lib64/libavdevice.so.52.2.0 /usr/lib64/libavfilter.so.1 /usr/lib64/libavfilter.so.1.19.0 /usr/lib64/libavformat.so.52 /usr/lib64/libavformat.so.52.64.2 /usr/lib64/libavutil.so.50 /usr/lib64/libavutil.so.50.15.1 /usr/lib64/libpostproc.so.51 /usr/lib64/libpostproc.so.51.2.0 /usr/lib64/libswscale.so.0 /usr/lib64/libswscale.so.0.11.0 # checksec --file /usr/lib64/libavcodec.so.52.72.2 Ops! 'Partial RELRO' warning Therefore, am I exagerrating? Okay, but please don't tell me that ALL RPMFusion packages respect packaging guidelines of Fedora. - -- Antonio Trande mailto: sagitter 'at' fedoraproject 'dot' org http://fedoraos.wordpress.com/ https://fedoraproject.org/wiki/User:Sagitter GPG Key: 0x565E653C Check on https://keys.fedoraproject.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWhRoTAAoJEF5tK7VWXmU8iswH/0b1wEDOAlKW10xYt5rhwq2R 41irVEf/VMbB8wARDDWLXVxlWAeVy/NEcKcQfVaHYYets1zZyykyXXIgNej2kM2L 2SQBWiAfIzTncVO9nEkjlpKmfWLbDgzM2T75gq8ifC0yi7ZZttv3qmLyLDuLWF57 0oiLDEtlIF9MkWixxfCVnOVKq5w2vGE8GzimhYxVv7x6YHHEuGny4dMTL9K80rxv RxJQ/lDIrQAuIc4+i/wW64g0sISIVYVPevxwFXTsprpALrorOCTTsapA0xUwq5rf yMiSfOM6mcU2tq5ywg4YKivtaqlAXlg0+4wGAolzMUznI9C97K8/PZQpurZOpeY= =1u9b -----END PGP SIGNATURE-----