I reviewed python-pysnmp4 version 4.2.5-1 as checked into utopic. This should not be considered a full security audit, but rather a quick gauge of code maintainability.
- python-pysnmp provides a pure-python implementation of snmp
- Build-Depends: debhelper (>= 5.0.37.2), cdbs, python-all, python3-all, python-setuptools, python3-setuptools, python-crypto, python3-crypto
- Depends: smitools
- Recommends: python-crypto, python-pysnmp4-mibs, python-pysnmp4-apps, python-twisted
- Does use encryption
- Does use networking
- Uses smitools, thus libsmi
- Can be added to other applications via twisted, asyncore
- Does not itself daemonize
- No pre/post inst/rm scripts
- No initscripts
- No dbus
- No setuid
- No sudo fragments
- No udev rules
- No cron jobs
- Adds libsmi2pysnmp and build-pysnmp-mib binaries
- Clean build logs
- No subprocesses spawned
- Python, no real memory management
- Only file operation is read-only
- Logging looked safe
- No use of environment variables
- No privileged operations
- Does use cryptography, SNMP-standards-specified use of MD5, DES, 3DES, AES, SHA-1, etc. I didn't investigate further, mechanisms all standardized
- Extensive networking, looked to be well-managed
- No privileged portions of code
- No temporary files
- No WebKit
- No JavaScript
- No PolicyKit

The code is complicated, though references to relevant RFC sections abound in much of the code. It all seemed straight-forward enough, considering the complexity of SNMP.

Security team ACK for promoting python-pysnmp4 to main.

https://bugs.launchpad.net/bugs/1349868
Title: [MIR] new build dependencies for ceilometer
