Hi, If no one has any objections, I would like to package this tool and mark as a team maintained package afterwards.
-- SZ Lin (林上智) <sz...@debian.org>, http://people.debian.org/~szlin 4096R/ 178F 8338 B314 01E3 04FC 44BA A959 B38A 9561 F3F9 2018-08-16 14:47 GMT+08:00 shirish शिरीष <shirisha...@gmail.com>: > Dear all, > > First of all thank you for the whole team for keeping Debian as secure > as it is the people on the team do to keep Debian free from > controversy (at least from the security viewpoint) . > > Please CC me as I'm not subscribed to the mailing list, sorry. > > I just came upon sandsifter today. While I have done an RFP on it , > could people have a look at it. > > It's being tracked as #906246 , thank you in advance. > > https://github.com/xoreaxeaxeax/sandsifter > > Also see https://www.youtube.com/watch?v=KrksBdWcZgQ which is a > blackhat presentation given by the Developer. > > Could you all examine it and see if it's worth including in Debian, > the only pre-requisite it asks for is already in Debian i.e. capstone. > I dunno if it would be a good tool or not as I do not have the > expertise to know whether the package 'phones home' or not, how > dangerous or not dangerous the analysis would be. > > The only requirements are libcapstone3 and libcapstone-dev before > compiling the python script (via make). The other odd thing seems to > that the developer has mentioned to use 32-bit variation of the > libcapstone3 and libcapstone-dev which at least IMHO would make it > more resource intensive as it means it would be limited to only using > 4 GiB of memory when it could use the whole 8-128 GiB memory depending > upon the workstation properties but what do I know of these things. > > Looking forward to know. > > -- > Regards, > Shirish Agarwal शिरीष अग्रवाल > My quotes in this email licensed under CC 3.0 > http://creativecommons.org/licenses/by-nc/3.0/ > http://flossexperiences.wordpress.com > EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8 >
