Re: Request for join the team

To: Samuel Henrique <samueloph@debian.org>
Cc: Debian Security Tools <debian-security-tools@lists.debian.org>
Subject: Re: Request for join the team
From: Tian Qiao <abcnsxyz@gmail.com>
Date: Wed, 28 Jul 2021 16:30:06 +0800
Message-id: <[🔎] 60C27ECC-8B51-4175-AE40-BE9B2D764D96@gmail.com>
In-reply-to: <[🔎] CABwkT9rkBR0DOuOp+2PaEQbaRAEX3xqjWcpw24L6R0soyibq2w@mail.gmail.com>
References: <1F530D3E-C6E6-40F7-95BE-21B2D733966A@gmail.com> <CABwkT9qdyY7y60OfZe8NmnYX1jcFVFiLhsSvcBMKM1=wzsRRzw@mail.gmail.com> <24CC510F-CA1A-4C07-B121-D60E6A03C6AA@gmail.com> <[🔎] CABwkT9qU5pbsWebGpEHTD3SJQ=i20cup2MLtbkoMJuzsQsZztg@mail.gmail.com> <[🔎] E4199546-57B2-4B46-A307-117A733B0CD4@gmail.com> <[🔎] CABwkT9rkBR0DOuOp+2PaEQbaRAEX3xqjWcpw24L6R0soyibq2w@mail.gmail.com>

Hi Samuel,

Sorry for getting back to you so late. It took some time to refactor the upstream code, lol. 
Here are some changes after refactoring.

> On Jul 20, 2021, at 7:44 AM, Samuel Henrique <samueloph@debian.org> wrote:
> 
> 1) d/copyright: You can remove the comments on lines 7-8 and also make
> the first Files entry (on line 10) shorter by stating "Files: *", this
> means that anything not called out in the other copyright entries
> below will fall into the wildcard one.
> 
Since we removed the third-party library in code 2), the copyright is now very simple.
thank you for the valuable suggestion.

> 2) pocsuite3/thirdparty/: There seems to be a few python libraries
> vendored in that folder

Now the package depends on repository versions, instead of using the vendored version.

> 3) pocsuite3/data/cacert.pem: I noticed this file contains both the
> public and private parts of the key, to initialize an http server on
> port 666 and wrap the socket with ssl. I believe this is fine (it's
> gonna be up to the ftp-master to confirm that it's ok), but I wonder
> if you thought about generating a self-signed cert at runtime[0]
> instead of reusing the same one for everyone? Note that you don't need
> to make this change, I'm just wondering if there's any pros and cons
> that I'm not considering since there's a chance you've already
> discussed this with other developers of pocsuite3.
> 

the self-signed certificate will be generated at runtime.

> 4) flake8 + black: Just a suggestion here, not a blocker for having
> pocsuite3 on Debian; flake8 seems to detect a lot of small thing that
> you probably want to have it fixed, and black can automate some of
> those changes for you. None of them seem to really be causing any
> bugs, but having flake8 enforced at development stage will definitely
> spot an issue for you eventually.
> 
> 5) docstrings: This is also just a suggestion and definitely not
> required for packaging pocsuite3 on Debian: I noticed some docstrings
> in the code are not in english, this is not a big deal since the code
> itself is in english and I could understand it without issues (at as
> far as I went, since I didn't read everything). I think it's a good
> idea to eventually translate them to english (you can keep both
> languages) to make it easier for others to contribute. But again,
> please take this as a suggestion for a low priority improvement.
> 
We have made some improvements to these issues, and the remaining work will be completed later.

New upstream version 1.7.7 has been uploaded to https://salsa.debian.org/pkg-security-team/pocsuite3.

Please let me know if there are any problems. Thank you very much!

Best Regards,

Tian

Reply to:

References:
- Re: Request for join the team
  - From: Samuel Henrique <samueloph@debian.org>
- Re: Request for join the team
  - From: Tian Qiao <abcnsxyz@gmail.com>
- Re: Request for join the team
  - From: Samuel Henrique <samueloph@debian.org>

Prev by Date: Re: Request to join the team
Next by Date: Re: Request to join the team
Previous by thread: Re: Request for join the team
Next by thread: Re: Bug#990302: ITP: bulk-extractor -- A stream-based forensics tool for triage and cross-evidence analysis, which scans the media and extracts recognizable content
Index(es):
- Date
- Thread