MIR review for libprelude:
* Builds fine with only main enabled
* Has a test suite and it is enabled in the build
* No Ubuntu delta
* dh_makeshlibs is used, but not dh_makeshlibs -V (would be nice to have this
in Debian)
* Has debian/watch file
* Update history is slow, but there isn't really much to do
* The current release is not packaged. 1.0.1 is available but this only has 2
bug fixes
* Will entering main make it harder for the people currently keeping it up to
date? no-- should be able to just sync
* Lintian warnings (lintian ../source/*dsc ../binary/*.deb)
* Is debian/rules a mess? it's fine
* there are warnings during the build, but they shouldn't be a problem (in the
testsuite, setting variables but not using them, unused functions, etc)
* Incautious use of malloc/sprintf: spot checked various places and it seems
fine-- return codes are checked, string operations are ok
* Uses of sudo (see audit-packaging.sh) or LD_LIBRARY_PATH (see audit-code.sh)
* Important bugs (crashers, etc) in Debian or Ubuntu: no
* Does the package have a CVE history? no
* binaries are compiled with PIE
* No initscripts/upstart jobs, dbus services, setuid/fscaps, sudo, cron jobs
* use of chown() suggests privileged operations, but this seems under the
control of the admin (ie, no network services processes untrusted input)
Nothing in this review suggests it needs a security audit. ACK
** Changed in: libprelude (Ubuntu)
Status: New => Fix Committed
** Changed in: libprelude (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => (unassigned)
--
https://bugs.launchpad.net/bugs/1026852
Title:
[MIR] audit (pulls in libprelude)