Hi Samuel, Sorry for getting back to you so late. It took some time to refactor the upstream code, lol. Here are some changes after refactoring.
> On Jul 20, 2021, at 7:44 AM, Samuel Henrique <[email protected]> wrote: > > 1) d/copyright: You can remove the comments on lines 7-8 and also make > the first Files entry (on line 10) shorter by stating "Files: *", this > means that anything not called out in the other copyright entries > below will fall into the wildcard one. > Since we removed the third-party library in code 2), the copyright is now very simple. thank you for the valuable suggestion. > 2) pocsuite3/thirdparty/: There seems to be a few python libraries > vendored in that folder Now the package depends on repository versions, instead of using the vendored version. > 3) pocsuite3/data/cacert.pem: I noticed this file contains both the > public and private parts of the key, to initialize an http server on > port 666 and wrap the socket with ssl. I believe this is fine (it's > gonna be up to the ftp-master to confirm that it's ok), but I wonder > if you thought about generating a self-signed cert at runtime[0] > instead of reusing the same one for everyone? Note that you don't need > to make this change, I'm just wondering if there's any pros and cons > that I'm not considering since there's a chance you've already > discussed this with other developers of pocsuite3. > the self-signed certificate will be generated at runtime. > 4) flake8 + black: Just a suggestion here, not a blocker for having > pocsuite3 on Debian; flake8 seems to detect a lot of small thing that > you probably want to have it fixed, and black can automate some of > those changes for you. None of them seem to really be causing any > bugs, but having flake8 enforced at development stage will definitely > spot an issue for you eventually. > > 5) docstrings: This is also just a suggestion and definitely not > required for packaging pocsuite3 on Debian: I noticed some docstrings > in the code are not in english, this is not a big deal since the code > itself is in english and I could understand it without issues (at as > far as I went, since I didn't read everything). I think it's a good > idea to eventually translate them to english (you can keep both > languages) to make it easier for others to contribute. But again, > please take this as a suggestion for a low priority improvement. > We have made some improvements to these issues, and the remaining work will be completed later. New upstream version 1.7.7 has been uploaded to https://salsa.debian.org/pkg-security-team/pocsuite3. Please let me know if there are any problems. Thank you very much! Best Regards, Tian
