Hi, I've packaged draft package for sandsift [1] after discussing with upstream [2].
Please feel free to review or modify this, I will upload the package before the end of the week if there is no any issues. [1] https://salsa.debian.org/pkg-security-team/sandsift/ [2] https://github.com/rigred/sandsifter/issues/3 -- SZ Lin (林上智) <[email protected]>, http://people.debian.org/~szlin Debian Developer 4096R/ 178F 8338 B314 01E3 04FC 44BA A959 B38A 9561 F3F9 SZ Lin (林上智) <[email protected]> 於 2018年8月27日 週一 下午3:03寫道: > > Hi, > > It seems like the upstream [1] is not active for a while, the last > commit [2] is in Sep,2017. I would like to suggest replace the > upstream with this fork [3]. > > [1] https://github.com/xoreaxeaxeax/sandsifter > [2] > https://github.com/xoreaxeaxeax/sandsifter/commit/8375e6123d093629e3e4437d7903839fd0742c2a > [3] https://github.com/rigred/sandsifter > > -- > > SZ Lin (林上智) <[email protected]>, http://people.debian.org/~szlin > > > shirish शिरीष <[email protected]> 於 2018年8月16日 週四 下午2:48寫道: > > > > Dear all, > > > > First of all thank you for the whole team for keeping Debian as secure > > as it is the people on the team do to keep Debian free from > > controversy (at least from the security viewpoint) . > > > > Please CC me as I'm not subscribed to the mailing list, sorry. > > > > I just came upon sandsifter today. While I have done an RFP on it , > > could people have a look at it. > > > > It's being tracked as #906246 , thank you in advance. > > > > https://github.com/xoreaxeaxeax/sandsifter > > > > Also see https://www.youtube.com/watch?v=KrksBdWcZgQ which is a > > blackhat presentation given by the Developer. > > > > Could you all examine it and see if it's worth including in Debian, > > the only pre-requisite it asks for is already in Debian i.e. capstone. > > I dunno if it would be a good tool or not as I do not have the > > expertise to know whether the package 'phones home' or not, how > > dangerous or not dangerous the analysis would be. > > > > The only requirements are libcapstone3 and libcapstone-dev before > > compiling the python script (via make). The other odd thing seems to > > that the developer has mentioned to use 32-bit variation of the > > libcapstone3 and libcapstone-dev which at least IMHO would make it > > more resource intensive as it means it would be limited to only using > > 4 GiB of memory when it could use the whole 8-128 GiB memory depending > > upon the workstation properties but what do I know of these things. > > > > Looking forward to know. > > > > -- > > Regards, > > Shirish Agarwal शिरीष अग्रवाल > > My quotes in this email licensed under CC 3.0 > > http://creativecommons.org/licenses/by-nc/3.0/ > > http://flossexperiences.wordpress.com > > EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8 > >
