martiell opened a new pull request, #155: URL: https://github.com/apache/couchdb-pkg/pull/155
Remove the nouveau jar files from the list of files to have their ownership and group changed in the couchdb-nouveau postinst script. These files are not expected to change at runtime, and the service should not have permission to overwrite them. ## Overview The installed jar files should be owned as root to prevent them being overwritten, replaced or deleted accidentally, or maliciously in the event of a vulnerability in the service or its dependencies. ## Testing recommendations Build and install packages with this change, observing that /opt/nouveau/lib and files within are owned by root. The service should still operate correctly. ## GitHub issue number n/a ## Related Pull Requests none ## Checklist - [ ] Code is written and works correctly; - [ ] Changes are covered by tests; - [ ] Documentation reflects the changes; -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
