Comment 3 for bug 2052813

Christian Ehrhardt  (paelzer) wrote :

We discussed the need or lack of need for security review here.

[16:38] <sarnold> I'm not sure either; on the one hand, administrative privilege is required to run these, so there's a thin barrier at best
[16:38] <sarnold> most of the security layer happens in the kernel
[16:39] <sarnold> I believe that this package itself is very little risk to the security team, but the kernel portion might -- so, I'm inclined to say that this doesn't need security team review
[16:39] <eslerm> a quick review might remove some footguns
[16:40] <cpaelzer> eslerm: is there a good way to express "we should have a quick check but not a full review"
[16:41] <cpaelzer> how about you volunteer for that "quick but not full" check
[16:41] <cpaelzer> then the solution is that I'll assign you
[16:41] <cpaelzer> actually it is back with mkukri so I'd subscribe you
[16:41] <eslerm> a short audit might find something useful to report upstream, it might just be bugs, if the security context cannot be made worse by bugs
[16:42] <eslerm> I can do that
[16:42] <cpaelzer> thank you