Bug#898431: lintian.debian.org should emit source-contains-prebuilt-wasm-binary (backport file?)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#898431: lintian.debian.org should emit source-contains-prebuilt-wasm-binary (backport file?)
From: Bastien ROUCARIES <roucaries.bastien@gmail.com>
Date: Fri, 11 May 2018 16:46:44 +0200
Message-id: <[🔎] CAE2SPAY4nc2aArec1e71A2g7kRRUT48dxLjeO2UhC3L46UkrQw@mail.gmail.com>
Reply-to: Bastien ROUCARIES <roucaries.bastien@gmail.com>, 898431@bugs.debian.org

Package: lintian
Version: 2.5.84
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org
X-Debbugs-CC: ftpmaster@ftp-master.debian.org

Hi,

source-contains-prebuilt-wasm-binary source tag is not emitted due to
too old file.

wasm is a crap over a crap of nodejs communauty. It is compiled javascript.

Node often include it without source and this will end in the archive.

Why js file even minified an human could with some hard work undestand
security implication.

With wasm, it is near impossible to understand.

So it is important to be sure that wasm file are compiled from source
(thus security bug), and maybe
should raise an ftpmaster autoreject.

So could we try to get file on  lintian.debian.org to detect wasm ?

Bastien

Reply to:

Follow-Ups:
- Bug#898431: lintian.debian.org should emit source-contains-prebuilt-wasm-binary (backport file?)
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Bug#898273: [lintian] Detect conflict between package.json version and debian control version
Next by Date: Processed: Re: Bug#898431: lintian.debian.org should emit source-contains-prebuilt-wasm-binary (backport file?)
Previous by thread: Bug#898377: marked as done (lintian: overly generic header name: /usr/include/util.h)
Next by thread: Bug#898431: lintian.debian.org should emit source-contains-prebuilt-wasm-binary (backport file?)
Index(es):
- Date
- Thread