Bug#689503: RFS: python-msrplib/0.15.0-1

[Jakub Wilk <jwilk@debian.org>]

(I don't intend to sponsor this package.)

* Daniel Pocock <daniel@pocock.com.au>, 2012-10-03, 12:23:
> http://mentors.debian.net/debian/pool/main/p/python-msrplib/python-msrplib_0.15.0-1.dsc

lintian emits:

I: python-msrplib source: debian-watch-file-is-missing

lintian4python emits:

i: python-msrplib source: debian-pycompat-is-obsolete

I'd use "debhelper (>= 8)" instead of "debhelper (>= 8.0.0)".

Current standards versions is 3.9.4.

The versioned build-dependency on python is insufficient; as per 
dh_python2 manpage it should be at least >= 2.6.6-3~. Also, it should be 
s/python/python-all/, because otherwise you could run into bug #683557.

We are phasing out DM-Upload-Allowed: 
http://lists.debian.org/debian-devel-announce/2012/09/msg00008.html
Please remove the field from debian/control.

The long description explains what is MSRP, but it doesn't say a word 
about the package itself. Please see Developer's Reference §6.2.3, which 
contains some hints on how to write good package description. You may 
also want to have it reviewed by debian-l10n-english@lists.debian.org.

The copyright file is not policy-compliant. Please see:
https://lists.debian.org/debian-devel-announce/2006/03/msg00023.html

Upstream seems to provide a test suite. Please run it at build time.

Upstream provides some examples. It might be worth including them in the 
binary package.

In msrplib/digest.py:

| try:
|     nonce_dec = b64decode(nonce)
|     issued, nonce_ip = nonce_dec[16:].split(":", 1)
|     issued = float(issued)
| except:
|     raise LoginFailed("Could not decode nonce")

This would catch KeyboardInterrupt and other unexpected errors. Please 
catch only exceptions you _do_ expect.

Are you sure the way msrplib uses the "random" module is secure? The 
documentation says this module is "completely unsuitable for 
cryptographic purposes".

--
Jakub Wilk