Re: Getting sandsifter in Debian

To: shirish शिरीष <shirishag75@gmail.com>
Cc: debian-security-tools@lists.debian.org
Subject: Re: Getting sandsifter in Debian
From: SZ Lin (林上智) <szlin@cs.nctu.edu.tw>
Date: Mon, 27 Aug 2018 15:03:48 +0800
Message-id: <[🔎] CAFk6z8N69Pod-AjHtxEi+-+HKcoehsUO_cnjO7dw1MzRf6KiXw@mail.gmail.com>
In-reply-to: <[🔎] CADdDZRmhdKixCj+V1bttmMXzTdoUcLq-Q+-cTwtrAMhBA-Rniw@mail.gmail.com>
References: <[🔎] CADdDZRmhdKixCj+V1bttmMXzTdoUcLq-Q+-cTwtrAMhBA-Rniw@mail.gmail.com>

Hi,

It seems like the upstream [1] is not active for a while, the last
commit [2] is in Sep,2017. I would like to suggest replace the
upstream with this fork [3].

[1] https://github.com/xoreaxeaxeax/sandsifter
[2] https://github.com/xoreaxeaxeax/sandsifter/commit/8375e6123d093629e3e4437d7903839fd0742c2a
[3] https://github.com/rigred/sandsifter

--

SZ Lin (林上智) <szlin@debian.org>, http://people.debian.org/~szlin


shirish शिरीष <shirishag75@gmail.com> 於 2018年8月16日 週四 下午2:48寫道：
>
> Dear all,
>
> First of all thank you for the whole team for keeping Debian as secure
> as it is the people on the team do to keep Debian free from
> controversy (at least from the security viewpoint) .
>
> Please CC me as I'm not subscribed to the mailing list, sorry.
>
> I just came upon sandsifter today. While I have done an RFP on it ,
> could people have a look at it.
>
> It's being tracked as #906246 , thank you in advance.
>
> https://github.com/xoreaxeaxeax/sandsifter
>
> Also see https://www.youtube.com/watch?v=KrksBdWcZgQ which is a
> blackhat presentation given by the Developer.
>
> Could you all examine it and see if it's worth including in Debian,
> the only pre-requisite it asks for is already in Debian i.e. capstone.
> I dunno if it would be a good tool or not as I do not have the
> expertise to know whether the package 'phones home' or not, how
> dangerous or not dangerous the analysis would be.
>
> The only requirements are libcapstone3 and libcapstone-dev before
> compiling the python script (via make). The other odd thing seems to
> that the developer has mentioned to use 32-bit variation of the
> libcapstone3 and libcapstone-dev which at least IMHO would make it
> more resource intensive as it means it would be limited to only using
> 4 GiB of memory when it could use the whole 8-128 GiB memory depending
> upon the workstation properties but what do I know of these things.
>
> Looking forward to know.
>
> --
>           Regards,
>           Shirish Agarwal  शिरीष अग्रवाल
>   My quotes in this email licensed under CC 3.0
> http://creativecommons.org/licenses/by-nc/3.0/
> http://flossexperiences.wordpress.com
> EB80 462B 08E1 A0DE A73A  2C2F 9F3D C7A4 E1C4 D2D8
>

Reply to:

References:
- Getting sandsifter in Debian
  - From: shirish शिरीष <shirishag75@gmail.com>

Prev by Date: Re: Please push missing changes grr-client-templates/libevt/nmap
Next by Date: Re: Removing lcrack from Debian ?
Previous by thread: Re: Getting sandsifter in Debian
Next by thread: Processed: ITP: librtr -- Library implementing the client-side of the RPKI-RTR Protocol.
Index(es):
- Date
- Thread