installer-alterator-livecd-stage2-0.1.2-alt1.noarch	rpm-filesystem-conflict-file-file	warn	Files /usr/lib/alterator/backend3/livecd-start /usr/share/alterator/steps/livecd-finish.desktop /usr/share/alterator/ui/livecd/start/index.scm conflict with the package alterator-livecd-0.9.0-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; 
installer-alterator-livecd-stage2-0.1.2-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/livecd-start: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/livecd-start } run_initinstall() { # do nothing if scripts have already been executed if [ -s /tmp/initinstall.log ]; then # notify interface about finish notify "done #t" return 0 fi -- # run scripts for f in "$initinstall_dir"/* "$livecd_initinstall_dir"/*; do [ -f "$f" -a -x "$f" ] || continue echo "Running $f" >>/tmp/initinstall.log if "$f" >>/tmp/initinstall.log 2>&1; then echo DONE >>/tmp/initinstall.log notify "package \"${f##*/}\" step $counter" counter=$(($counter + 1)) printf '%s %s - OK\n' "$(date +%T)" "$f" >&2 else echo FAILED >>/tmp/initinstall.log notify "error \"${f##*/}\"" printf '%s %s - FAILED\n' "$(date +%T)" "$f" >&2 break fi done; 
installer-alterator-livecd-stage3-0.1.2-alt1.noarch	rpm-filesystem-conflict-file-file	warn	Files /usr/lib/alterator/backend3/livecd-finish /usr/share/alterator/ui/livecd/finish/index.scm conflict with the package alterator-livecd-0.9.0-alt1.noarch. Moreover, the packages have no explicit conflicts with each other. You should add explicit conflicts, or, if conflicts are avoidable, consider using alternatives.; 
installer-alterator-livecd-stage3-0.1.2-alt1.noarch	unsafe-tmp-usage-in-scripts	fail	The test discovered scripts with errors which may be used by a user for damaging important system files. For example if a script uses in its work a temp file which is created in /tmp directory, then every user can create symlinks with the same name (pattern) in this directory in order to destroy or rewrite some system or another user's files. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is only accessible by that user, and then sets TMPDIR and other variables to that. Hence, it doesn't matter nearly as much if you create a non-random filename, because nobody but you can access it. Found error in /usr/lib/alterator/backend3/livecd-finish: $ grep -A5 -B5 /tmp/ /usr/lib/alterator/backend3/livecd-finish # run scripts export PATH=/run/install2/bin:$PATH for f in "$run_postinstall_dir"/* "$livecd_postinstall_dir/*"; do [ -f "$f" -a -x "$f" ] || continue echo "Running $f" >>/tmp/postinstall.log if "$f" >>/tmp/postinstall.log 2>&1; then echo DONE >>/tmp/postinstall.log else echo FAILED >>/tmp/postinstall.log fi done rm -f /_NEW_SYSTEM_ };