[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: acsccid (New Upstream Release)

On Thu, Jan 26, 2012 at 3:24 PM, Godfrey Chung wrote:

>> Why do you duplicate src/92_pcscd_acsccid.rules as
>> debian/libacsccid1.udev? I would suggest deleting
>> debian/libacsccid1.udev and just using the upstream file.
> Done. I created a symbolic link to upstream file.

Why? Isn't the existing file installed by the upstream build system?
If not, please send them a patch

>> The src/openct directory is an embedded code copy. You should ask
>> upstream to remove it and build-depend on openct. If they are not
>> willing to do so, then you should do that for Debian. If that isn't
>> possible for whatever reason, please contact the security team and get
>> it added to the embedded code copies file:
>> http://wiki.debian.org/EmbeddedCodeCopies
> It is not an embedded code copy. acsccid borrowed the internal code from
> openct to do the smart card protocol (T1). According to the ChangeLog, the
> source code had been modified.

Sounds like the very definition of an embedded code copy. It would be
nice if upstream did not do this.

>> Should ccid be removed from Debian? acsccid seems like a fork of it.
>> If it shouldn't be removed, please also get this documented by the
>> security team, they track forks too.
> No.

Can you explain your response here?

> How can I get this documented by the security team?

See the wiki page I pointed at.

> log_xxd is a internal API provided by pcscd. Therefore, dpkg-shlibdeps
> cannot find the function from other shared libraries.

This means pcscd is not portable to non-ELF platforms (IIRC).

>> lintian complaints:
>> X: libacsccid1: shlib-calls-exit
>> usr/lib/pcsc/drivers/ifd-acsccid.bundle/Contents/Linux/libacsccid.so.1.0.3
> The exit function call is generated automatically by flex (tokenparser.l -->
> tokenparser.c). It seems to be difficult to modify the code.

Ok, this is an experimental lintian tag, you can ignore it.



Reply to: