Simon Josefsson <[email protected]> writes: > Richard Lewis <[email protected]> writes: > >> Hi, >> >> Would someone be able to sponsor an upload of chkrootkit? > > Done.
Thank-you! Unfortunately, i messed up and made one part the tests too specific so it fails on non-amd64. Can we try a 0.58b-3, based on the 3 new commits in https://salsa.debian.org/pkg-security-team/chkrootkit/ Sorry for this - I believe it will work this time (if not i will work on it on saturday), but I cant test on other architectures (i suppose i will attempt to understand quemu again). > I reviewed debian/* and it would be nice if more of the > debian/patches/* had DEP3 headers and upstreamed as appropriate. Agree > It > seems chkutmp.c and ifpromisc.c (including probably the patch > debian/patches/87a_ifpromisc-Add-a-return-value.patch) are covered by > GPLv3+ and not BSD-2-Clause, could you take a look and update > debian/copyright for this? Thanks - I have updated debian/copyright for this and some other things i spotted. (im not sure that that patch is really doing enough to count as copyrightable, but makes sense to list it under the same license as the .c). > Upstream publish tarballs on insecure ftp:// URLs with no GPG > signatures. They do sign the *-m.zip with GPG. Could you ask them to > sign the release source code tarball with GPG too? Or at least move the > distribution to a https:// URL. Thanks -- i will do this: The whole website was http until recently, and they did change that, so hopefully this can be improved (I dont think i spotted the GPG before). > I did verify the MD5sum (wtf?!) against > ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.md5 as being > de110f07f37b1b5caff2e90cc6172dd8 so I'm hoping you worked on the same > tarball. Maybe we should check the tarball for rootkits :) I confirm the same md5sum is what i used --- I have also read most of the code (apart from ifpromisc.c, although i have looked at parts of this), and checked the diff to the previous upstream version: no rootkits, but some bugs and issues (not all solved) Sorry again for the repeat
