Bug#689503: RFS: python-msrplib/0.15.0-1
(I don't intend to sponsor this package.)
* Daniel Pocock <daniel@pocock.com.au>, 2012-10-03, 12:23:
http://mentors.debian.net/debian/pool/main/p/python-msrplib/python-msrplib_0.15.0-1.dsc
lintian emits:
I: python-msrplib source: debian-watch-file-is-missing
lintian4python emits:
i: python-msrplib source: debian-pycompat-is-obsolete
I'd use "debhelper (>= 8)" instead of "debhelper (>= 8.0.0)".
Current standards versions is 3.9.4.
The versioned build-dependency on python is insufficient; as per
dh_python2 manpage it should be at least >= 2.6.6-3~. Also, it should be
s/python/python-all/, because otherwise you could run into bug #683557.
We are phasing out DM-Upload-Allowed:
http://lists.debian.org/debian-devel-announce/2012/09/msg00008.html
Please remove the field from debian/control.
The long description explains what is MSRP, but it doesn't say a word
about the package itself. Please see Developer's Reference §6.2.3, which
contains some hints on how to write good package description. You may
also want to have it reviewed by debian-l10n-english@lists.debian.org.
The copyright file is not policy-compliant. Please see:
https://lists.debian.org/debian-devel-announce/2006/03/msg00023.html
Upstream seems to provide a test suite. Please run it at build time.
Upstream provides some examples. It might be worth including them in the
binary package.
In msrplib/digest.py:
| try:
| nonce_dec = b64decode(nonce)
| issued, nonce_ip = nonce_dec[16:].split(":", 1)
| issued = float(issued)
| except:
| raise LoginFailed("Could not decode nonce")
This would catch KeyboardInterrupt and other unexpected errors. Please
catch only exceptions you _do_ expect.
Are you sure the way msrplib uses the "random" module is secure? The
documentation says this module is "completely unsuitable for
cryptographic purposes".
--
Jakub Wilk
Reply to: