Richard Lewis <richard.lewis.debian@googlemail.com> writes:

> Hi,
>
> Would someone be able to sponsor an upload of chkrootkit?

Done.

I reviewed debian/* and it would be nice if more of the debian/patches/* had DEP3 headers and upstreamed as appropriate.

It seems chkutmp.c and ifpromisc.c (including probably the patch debian/patches/87a_ifpromisc-Add-a-return-value.patch) are covered by GPLv3+ and not BSD-2-Clause, could you take a look and update debian/copyright for this? See 'lrc' output:

d/copyright  | licensecheck

BSD-2-Clause | GPL-2+ chkutmp.c
BSD-2-Clause | GPL-2+ debian/patches/87a_ifpromisc-Add-a-return-value.patch
BSD-2-Clause | GPL-2+ ifpromisc.c

Upstream publish tarballs on insecure ftp:// URLs with no GPG signatures. They do sign the *-m.zip with GPG. Could you ask them to sign the release source code tarball with GPG too? Or at least move the distribution to a https:// URL.

I did verify the MD5sum (wtf?!) against ftp://ftp.chkrootkit.org/pub/seg/pac/chkrootkit.md5 as being de110f07f37b1b5caff2e90cc6172dd8 so I'm hoping you worked on the same tarball. Maybe we should check the tarball for rootkits :)

/Simon