Bug#647090: Review for the package on mentors.debian.net

[Michael Stummvoll <michael@stummi.org>]

owner 647090 !
kthxbye

Hi Aron and Bernhard,

thanks for your feedback. I forgot to own the ITA-Bug, but will fix
this with this mail.

>> 1.As you have updated the package to use debhelper compatible
>> level 8, the use of source format 3.0 is highly recommended. What
>> you need to do is: $ mkdir debian/source $ echo "3.0 (quilt)" >
>> debian/source/format Then review your patches against the build
>> system (*/config.[mk,h]) and make them maintained using quilt in
>> debian/patches/ .

Yes, i will do that. With the switching to quilt-source-format i also
will use multiple tarballs then.

>> 2.Can you explain why usr/bin/slock should be setuid? I can guess
>> that it's an screen locker so it may need the privilege to do its
>> job, but since it is a potential security hole please document it
>> in README.Debian for it.
> slock seems to not support PAM thus only be quite limited in what 
> authentication it supports. Perhaps it might be better to remove
> that then...

Yeah, slock checks the password against shadow, thats because it needs
root. May it is possible to patch PAM-Support into slock.