Bug#831694: RFS: shadowsocks-libev/2.4.7+20160630+ds-3 -- lightweight and secure socks5 proxy
Dear Christian,
Thanks for your review!
On Tue, Jul 19, 2016 at 12:21 AM, Christian Seiler <christian@iwakd.de> wrote:
> I'm not a DD, so I can't sponsor, but:
>
> On 07/18/2016 04:53 PM, Roger Shimizu wrote:
>> * debian/rules:
>> - Add param "--disable-ssp" to dh_auto_configure command.
>> Thanks to Aaron M. Ucko and Boyuan Yang. (Closes: #829498)
>
> Please don't disable the SSP unconditionally, because it's a useful
> defense-in-depth strategy. Especially since you are packaging a
> network service, I would really recommend not doing that.
My bad on the wording of the changelog.
Actually, it means turning off the broken hardening by upstream and only
using the hardening by Debian (from dpkg-buildflags).
So this change won't lower the security check.
>> - Cherry-Pick two patch from upstream as 0004 and 0005
>
> Generally you should describe in the changelog what these patches
> do. I would hence suggest an entry like:
>
> - Cherry-pick the following upstream patches:
> * Fix typo in argument passed to manager command.
> * Use SO_REUSEADDR for remote socket
Indeed.
This makes it clearer.
I'll update the changelog entry in the next release.
Thank you!
Cheers,
--
Roger Shimizu, GMT +9 Tokyo
PGP/GPG: 4096R/6C6ACD6417B3ACB1
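
The arrangement described in the reply above, sketched as an added debian/rules fragment (an illustration, not the package's actual rules file): upstream's own SSP handling is switched off with `--disable-ssp`, while the compiler hardening flags come from dpkg-buildflags. The `hardening=+all` setting and the plain `dh` sequencer layout are assumptions.

```makefile
#!/usr/bin/make -f
# Assumed layout: a minimal dh-style rules file, not taken from the package.

# Ask dpkg-buildflags for the full hardening set. Stack protector is among
# the default-enabled hardening features, so the flags exported to the build
# still carry a -fstack-protector* option.
# (Assumption: the page does not say which hardening options the package sets.)
export DEB_BUILD_MAINT_OPTIONS = hardening=+all

%:
	dh $@

# debhelper (compat level 9 and later) exports the dpkg-buildflags values
# (CFLAGS, CPPFLAGS, LDFLAGS) to the configure script. --disable-ssp only
# stops upstream's configure script from adding its own SSP flags on top.
override_dh_auto_configure:
	dh_auto_configure -- --disable-ssp

# To confirm the distribution flags in the build environment, inspect:
#   dpkg-buildflags --get CFLAGS
#   dpkg-buildflags --get LDFLAGS
```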