Hello Tian, Sorry for the delay in the reply,
I have created a repo under the team's org and gave you permission, you can push start pushing your changes there: https://salsa.debian.org/pkg-security-team/pocsuite3 The packaging seems to be in a good shape, I have a few suggestions/questions: 1) d/copyright: You can remove the comments on lines 7-8 and also make the first Files entry (on line 10) shorter by stating "Files: *", this means that anything not called out in the other copyright entries below will fall into the wildcard one. 2) pocsuite3/thirdparty/: There seems to be a few python libraries vendored in that folder, I'm not sure if they're patched or just plain vendored. Generally speaking we can't use them and should instead rely on their packaged versions on Debian, eg.: make the package depend on "python3-prettytable" instead of using the vendored version. This can also help by making d/copyright even simpler if you can remove it from the orig tarball (either with a repack or if you can provide a tarball without it, as upstream). Now, I understand that ansistrm, for example, is not packaged on Debian, and so It should be fine to keep this one as it is, but otherwise could you try to use the ones already packaged on Debian and make sure they are not shipped in a vendored manner for pocsuite3? You can keep them in the orig tarball if you'd like, and we can also discuss using vendored libs if you need them, please let me know if that's the case, and also let me know if you need help or would like more details about it. 3) pocsuite3/data/cacert.pem: I noticed this file contains both the public and private parts of the key, to initialize an http server on port 666 and wrap the socket with ssl. I believe this is fine (it's gonna be up to the ftp-master to confirm that it's ok), but I wonder if you thought about generating a self-signed cert at runtime[0] instead of reusing the same one for everyone? Note that you don't need to make this change, I'm just wondering if there's any pros and cons that I'm not considering since there's a chance you've already discussed this with other developers of pocsuite3. 4) flake8 + black: Just a suggestion here, not a blocker for having pocsuite3 on Debian; flake8 seems to detect a lot of small thing that you probably want to have it fixed, and black can automate some of those changes for you. None of them seem to really be causing any bugs, but having flake8 enforced at development stage will definitely spot an issue for you eventually. 5) docstrings: This is also just a suggestion and definitely not required for packaging pocsuite3 on Debian: I noticed some docstrings in the code are not in english, this is not a big deal since the code itself is in english and I could understand it without issues (at as far as I went, since I didn't read everything). I think it's a good idea to eventually translate them to english (you can keep both languages) to make it easier for others to contribute. But again, please take this as a suggestion for a low priority improvement. [0] Alternatively, it should also be possible to generate it at the install-time of the deb package with the pre/postinst maintainer scripts. Thank you for your contributions! -- Samuel Henrique <samueloph>
