Bug#647090: Review for the package on mentors.debian.net
owner 647090 !
kthxbye
Hi Aron and Bernhard,
thanks for your feedback. I forgot to own the ITA-Bug, but will fix
this with this mail.
>> 1.As you have updated the package to use debhelper compatible
>> level 8, the use of source format 3.0 is highly recommended. What
>> you need to do is: $ mkdir debian/source $ echo "3.0 (quilt)" >
>> debian/source/format Then review your patches against the build
>> system (*/config.[mk,h]) and make them maintained using quilt in
>> debian/patches/ .
Yes, i will do that. With the switching to quilt-source-format i also
will use multiple tarballs then.
>> 2.Can you explain why usr/bin/slock should be setuid? I can guess
>> that it's an screen locker so it may need the privilege to do its
>> job, but since it is a potential security hole please document it
>> in README.Debian for it.
> slock seems to not support PAM thus only be quite limited in what
> authentication it supports. Perhaps it might be better to remove
> that then...
Yeah, slock checks the password against shadow, thats because it needs
root. May it is possible to patch PAM-Support into slock.
Reply to: