Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#58559 - [gitlab][gitlab-shell] Packages shouldn't provide secret files

Attached to Project: Community Packages
Opened by Jonas Hahnfeld (hahnjo) - Saturday, 12 May 2018, 13:19 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Sunday, 29 July 2018, 15:11 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sven-Hendrik Haase (Svenstaro)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Everyone should generate their own secrets, the packages shouldn't provide known (= insecure) default values. This might need documentation in the wiki.
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Sunday, 29 July 2018, 15:11 GMT
Reason for closing:  Won't fix
Additional comments about closing:  These packages already have a note to the user to install a secure bytestring there. The secret files in both cases need to be there during installation and I think it makes sense to provide them in the package so that permissions are at least correct.
Comment by Sven-Hendrik Haase (Svenstaro) - Monday, 14 May 2018, 09:15 GMT
It needs the secrets to compile/install. I suppose I could remove them again after that is done. It's likely a sane choice to force users to generate their own secrets. Can you make a patch for both packages that also adds notes to the .install files which makes users aware that this is something they have to do?

Loading...