
Re: Bug#903815: ITP: pw -- A simple command-line password manager



On Mon, Jul 16, 2018 at 12:34 PM Holger Levsen <holger@layer-acht.org> wrote:
On Mon, Jul 16, 2018 at 05:56:39AM +0200, Dashamir Hoxha wrote:
> I just uploaded it: https://mentors.debian.net/package/pw
> Please review and sponsor it.

please *don't* sponsor this until Dashamir has addressed the concerns
pointed out in
https://lists.debian.org/msgid-search/aa2d4d3d-41d2-5399-225b-f492be2d2c1c@t-online.de


The email pointed out by the link has not reached me at all.
It is not in my inbox, it is not in my Spam, it is not in my Trash.
I don't know what has happened, but I am not trying to avoid
or ignore legitimate questions or concerns.

I just figured out that I am not subscribed to debian-devel
and Carsten has not included me on the Cc:

> Hmm, have you tried to validate your shell code?
> https://www.shellcheck.net/
> I just pasted
> https://raw.githubusercontent.com/dashohoxha/pw/master/src/pw.sh into
> it and got quite a lot of problematic remarks.

I just tried it and most of the warnings are about using double quotes
(when I know that they are not needed) and about not being able to
follow included files.
There is only 1 potentially useful suggestion in all of them.

> Have you test cases to prevent things Philipp has raised?
> The concerns Philipp mentioned are valid, creating safe shell code isn't
> easy and writing correct syntax isn't enough.

I have the same answer that I gave to Philipp. He has not looked closely
enough at the code, and has not tried to follow its logic.
For example, error *messages* of `tar` are suppressed, not the errors
themselves. The result of the command is checked afterwards.
Etc. we can discuss them later.

> Your ITP about password managing isn't the first of course, as far as I can
> remember the common sense was that using Bash or any other Shell isn't
> the best choice for doing things like this.

It all depends on the skills and experience of the programmer.
Bash may be cryptic, ugly, difficult, etc. but nonetheless it is also powerful.
Everybody claimed the same for JavaScript 20 years ago, but now it rules
the world.

Regards,
Dashamir


--
cheers,
        Holger
