Re: RFS: acsccid (New Upstream Release)
On Thu, Jan 26, 2012 at 3:24 PM, Godfrey Chung wrote:
>> Why do you duplicate src/92_pcscd_acsccid.rules as
>> debian/libacsccid1.udev? I would suggest deleting
>> debian/libacsccid1.udev and just using the upstream file.
>
> Done. I created a symbolic link to upstream file.
Why? Isn't the existing file installed by the upstream build system?
If not, please send them a patch
>> The src/openct directory is an embedded code copy. You should ask
>> upstream to remove it and build-depend on openct. If they are not
>> willing to do so, then you should do that for Debian. If that isn't
>> possible for whatever reason, please contact the security team and get
>> it added to the embedded code copies file:
>>
>> http://wiki.debian.org/EmbeddedCodeCopies
>
>
> It is not an embedded code copy. acsccid borrowed the internal code from
> openct to do the smart card protocol (T1). According to the ChangeLog, the
> source code had been modified.
Sounds like the very definition of an embedded code copy. It would be
nice if upstream did not do this.
>> Should ccid be removed from Debian? acsccid seems like a fork of it.
>> If it shouldn't be removed, please also get this documented by the
>> security team, they track forks too.
>
> No.
Can you explain your response here?
> How can I get this documented by the security team?
See the wiki page I pointed at.
> log_xxd is a internal API provided by pcscd. Therefore, dpkg-shlibdeps
> cannot find the function from other shared libraries.
This means pcscd is not portable to non-ELF platforms (IIRC).
>> lintian complaints:
>>
>> X: libacsccid1: shlib-calls-exit
>> usr/lib/pcsc/drivers/ifd-acsccid.bundle/Contents/Linux/libacsccid.so.1.0.3
>
> The exit function call is generated automatically by flex (tokenparser.l -->
> tokenparser.c). It seems to be difficult to modify the code.
Ok, this is an experimental lintian tag, you can ignore it.
--
bye,
pabs
http://wiki.debian.org/PaulWise
Reply to: