On Sat, Nov 1, 2008 at 5:43 AM, Heikki Mäntysaari <[EMAIL PROTECTED]> wrote:
> http://mentors.debian.net/debian/pool/main/n/neotool/neotool_1.2-1.dsc A review of your package: Please send the manual page, .desktop file and menu icon upstream if you have not already. Please ask upstream to split the changelog in the script out into a NEWS file. The upstream script contains symlink attack vulnerabilities. Since it runs as root, this is very serious as any user could cause destruction of any file on the system (such as /etc/shadow). Please ask upstream to get the script audited and have CVE ids issued. Most distribution images for the OpenMoko FreeRunner ship with a blank root password, I think it is important for this tool to check for that situation and prompt the user to set a secure password or disable password-based ssh logins for root. Delete the configure/configure-stamp targets from debian/rules since they do nothing. The .desktop file needs to be installed too, dh_desktop will not do that. Your .desktop file contains no MimeType field so there is no use calling dh_desktop. The postrm/postinst files can be deleted and replaced with a call to dh_installmenu in debian/rules. The contents of README.debian should be merged into debian/copyright. You run dh_installman once in debian/rules install and once in debian/rules binary. Please add a Homepage field to debian/control (in the Source section). -- bye, pabs http://wiki.debian.org/PaulWise
