Bug#864241: RFS: pnmixer/0.7.2-1 -- Simple mixer application for system tray
On Mon, Jun 5, 2017 at 11:35 PM, Arnaud wrote:
> mentors.debian.net says there's a problem. I'm not sure what's wrong.
Probably due to the old version of uscan it uses.
> The package is now built with `gbp` from a git tag. I guess it fixes the problem.
Please verify that is the case.
> I have no idea where are the source images, when I jumped in PNMixer development there was only the PNG files, and I don't think the XCF files will ever be found.
That is a shame, you might want to mention in the README that the XCF
files were lost so now any modifications will be to the PNG files.
>> Instead of g_spawn_command_line_async() you should use g_spawn_async().
>
> Sorry, disagreeing on this one, g_spawn_command_line_async() is definitely what I want to use, it's the right tool for the job.
Looking more closely it seems I was wrong and the
g_spawn_command_line*() functions are actually safe. I had assumed
they would run the command-line by using the shell, which could mean
shell metacharacter injection attacks.
> And if the implementation is bad and uses too many pid, no worries.
I think you may have misunderstood the point of my blog post, it is
more about shell metacharacter injection attacks.
> Fixed a few things, but there's way too much stuff there, I didn't take time to look through everything. For the next release :)
Please consider running lintian/check-all-the-things/etc as often as
you can (such as before each release or before every commit) and
chipping away at the issues when you have time.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: