openSUSE has issued an advisory today (February 20): https://lists.opensuse.org/opensuse-updates/2020-02/msg00083.html We do have protected_hardlinks set, so we don't need to push an update for Mageia 7, but we should fix it in SVN there and fix Cauldron the same way openSUSE did. Basically they got rid of the chown calls in post and instead of doing the touch as root, did "runuser -u news -g news touch ..." with the files at the end.
Status comment: (none) => Fix described in bug report
In the absence of an obvious maintainer for this package, assigning it globally.
Assignee: bugsquad => pkg-bugs
fixed in cauldron
Resolution: (none) => FIXEDCC: (none) => mageiaStatus: NEW => RESOLVED