pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Question about PKG_DEVELOPER and math/py-scipy



Kinoshita Daisuke <kinoshita%astro.ncu.edu.tw@localhost> writes:

> ---------------------------------------------------------------------------
> warning: /data0/netbsd/pkgsrc/current/pkgsrc/math/py-scipy/work/.destdir/usr/pkg/lib/python3.9/site-packages/scipy/stats/tests/test_stats.py:
> group-writable file.

I find often that this is related to strangeness on using various
unpacking programs on the distribution tarball, and perhaps
disagreements about the format of metadata.   I would suggest looking at
the distfile with various programs, and see what EXTRACT_USING ends up
being.  Sometimes the distfile is in a format supported only by some of
tar/pax/gtar/bsdtar/etc.

If the distfile really has files with group/other write permissions,
then it might be necesssary to fix those after unpacking.  But probably
if so you should report a bug upstream, as that creates a window when an
attacker could change one of the files.




Attachment: signature.asc
Description: PGP signature



Home | Main Index | Thread Index | Old Index