[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#689503: RFS: python-msrplib/0.15.0-1

(I don't intend to sponsor this package.)

* Daniel Pocock <daniel@pocock.com.au>, 2012-10-03, 12:23:

lintian emits:

I: python-msrplib source: debian-watch-file-is-missing

lintian4python emits:

i: python-msrplib source: debian-pycompat-is-obsolete

I'd use "debhelper (>= 8)" instead of "debhelper (>= 8.0.0)".

Current standards versions is 3.9.4.

The versioned build-dependency on python is insufficient; as per dh_python2 manpage it should be at least >= 2.6.6-3~. Also, it should be s/python/python-all/, because otherwise you could run into bug #683557.

We are phasing out DM-Upload-Allowed: http://lists.debian.org/debian-devel-announce/2012/09/msg00008.html
Please remove the field from debian/control.

The long description explains what is MSRP, but it doesn't say a word about the package itself. Please see Developer's Reference §6.2.3, which contains some hints on how to write good package description. You may also want to have it reviewed by debian-l10n-english@lists.debian.org.

The copyright file is not policy-compliant. Please see:

Upstream seems to provide a test suite. Please run it at build time.

Upstream provides some examples. It might be worth including them in the binary package.

In msrplib/digest.py:

| try:
|     nonce_dec = b64decode(nonce)
|     issued, nonce_ip = nonce_dec[16:].split(":", 1)
|     issued = float(issued)
| except:
|     raise LoginFailed("Could not decode nonce")

This would catch KeyboardInterrupt and other unexpected errors. Please catch only exceptions you _do_ expect.

Are you sure the way msrplib uses the "random" module is secure? The documentation says this module is "completely unsuitable for cryptographic purposes".

Jakub Wilk

Reply to: