
Re: RFS: neotool



On Sat, Nov 1, 2008 at 5:43 AM, Heikki Mäntysaari
<heikki.mantysaari@linux.fi> wrote:

> http://mentors.debian.net/debian/pool/main/n/neotool/neotool_1.2-1.dsc

A review of your package:

Please send the manual page, .desktop file and menu icon upstream if
you have not already.

Please ask upstream to split the changelog in the script out into a NEWS file.

The upstream script contains symlink attack vulnerabilities. Since it
runs as root, this is very serious as any user could cause destruction
of any file on the system (such as /etc/shadow). Please ask upstream
to get the script audited and have CVE ids issued.

Most distribution images for the OpenMoko FreeRunner ship with a blank
root password. I think it is important for this tool to check for that
situation and prompt the user to set a secure password or disable
password-based ssh logins for root.

Delete the configure/configure-stamp targets from debian/rules since
they do nothing.

The .desktop file needs to be installed too, dh_desktop will not do that.

Your .desktop file contains no MimeType field so there is no use
calling dh_desktop.

The postrm/postinst files can be deleted and replaced with a call to
dh_installmenu in debian/rules.

The contents of README.debian should be merged into debian/copyright.

You run dh_installman once in debian/rules install and once in
debian/rules binary.

Please add a Homepage field to debian/control (in the Source section).

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
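
The symlink issue raised in the review above, shown as an added example that is not part of the original message and is not neotool's code. The message does not say which lines of the script are affected, so this assumes the common cause, a predictable file name in a directory other users can write to; the function names and the `scratch` file name are hypothetical, and the demo runs entirely inside a throwaway sandbox directory.

```shell
#!/bin/sh
# Predictable temp path vs. mktemp in a script that runs as root.
# write_unsafe, write_safe and "scratch" are hypothetical names for this example.

# Unsafe: the path is predictable, and ">" follows a symlink already placed there.
write_unsafe() {   # $1 = directory other users can write to, $2 = data
    printf '%s\n' "$2" > "$1/scratch.tmp"
}

# Hardened: mktemp creates the file exclusively (it fails if the name exists),
# with mode 0600 and an unpredictable name, so an existing link is never opened.
write_safe() {     # $1 = directory, $2 = data; prints the path it created
    tmp=$(mktemp "$1/scratch.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed demo: "etc/config" stands in for a system file, "shared" for /tmp.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared" "$sandbox/etc"
    printf 'important\n' > "$sandbox/etc/config"
    ln -s "$sandbox/etc/config" "$sandbox/shared/scratch.tmp"

    write_safe "$sandbox/shared" "new data" > /dev/null
    after_safe=$(cat "$sandbox/etc/config")      # unchanged
    write_unsafe "$sandbox/shared" "new data"
    after_unsafe=$(cat "$sandbox/etc/config")    # overwritten through the link
    rm -rf "$sandbox"
    printf '%s|%s\n' "$after_safe" "$after_unsafe"
}

demo
```

A root-run script is safer still if it keeps all scratch files in a private directory created with `mktemp -d`, or avoids world-writable directories altogether.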
