Bug#685575: opentracker debian folder passes lintian

To: Roman Valls Guimera <brainstorm@nopcode.org>
Cc: 685575@bugs.debian.org, alex@list.priv.at
Subject: Bug#685575: opentracker debian folder passes lintian
From: Antoine Beaupré <anarcat@anarcat.ath.cx>
Date: Wed, 10 Sep 2014 10:45:07 -0400
Message-id: <[🔎] 87fvfzttzg.fsf@marcos.anarc.at>
Reply-to: Antoine Beaupré <anarcat@anarcat.ath.cx>, 685575@bugs.debian.org
In-reply-to: <[🔎] 03804948-1B90-4DC3-A034-0CECCFF98C52@nopcode.org>
References: <83D81BD0-2763-48CD-94E5-5CCD22703886@nopcode.org> <87a96lr8t2.fsf@marcos.anarc.at> <87egvwpfsh.fsf@marcos.anarc.at> <[🔎] 03804948-1B90-4DC3-A034-0CECCFF98C52@nopcode.org>

On 2014-09-10 10:28:46, Roman Valls Guimera wrote:
> 31 aug 2014 kl. 22:25 skrev Antoine Beaupré <anarcat@anarcat.ath.cx>:
>
>> On 2014-08-30 17:01:29, Antoine Beaupré wrote:
>>> Looking at this, I wonder if some features should be enabled in the
>>> build. I am thinking of:
>>> 
>>> WANT_SYSLOGS
>>> WANT_V6
>>> WANT_COMPRESSION_GZIP
>> 
>> 
>> Reading the code quickly, it seems that WANT_DEV_RANDOM should probably
>> be used as well, otherwise the RNG is seeded on time(NULL), which is
>> bad.
>
> Humm, I agree that this might seem confusing and I’m not a crypto expert, but the seed is still relative to the timestamp, not NULL… it’s not random(null), but random(time(null)). Time(NULL) returns current time:
>
> http://stackoverflow.com/questions/7550269/what-is-timenull-in-c

Right, that is what i meant - seeding on the timestamp is bad.

> Also, as I mentioned before, srandomdev() does not exist in modern linux distributions, only srandom(). It does exist though in FreeBSD, but we are not concerned about it here…

True, srandomdev() is only on FreeBSD, i am not sure anymore how to seed
the RNG with /dev/random here...

Let's say it's not a blocker for now.

>> I also looked at WANT_V6 and it seems mostly concerned about storage,
>> display and data structures, but network routines seem to do the right
>> thing, so i wonder why this is necessarily exclusive…
>
> What makes you think so? Again, I am not an expert, but it does seem like networking code:
>
> static int64_t ot_try_bind( ot_ip6 ip, uint16_t port, PROTO_FLAG proto ) {
>   int64 sock = proto == FLAG_TCP ? socket_tcp6( ) : socket_udp6( );

This seems to decide between TCP and UDP, but both are in IPv6.

> #ifndef WANT_V6
>   if( !ip6_isv4mapped(ip) ) {
>     exerr( "V4 Tracker is V4 only!" );
>   }
> #else
>   if( ip6_isv4mapped(ip) ) {
>     exerr( "V6 Tracker is V6 only!" );
>   }
> #endif

This seems to be just a check that could easily be removed.

> Since IPV4 is still the most popular stack today, should we package it with it enabled and look for an improvement (transparent ipv4/ipv6 support) later on?

Sure, let's start with that - can we file a bug upstream or something?

A.

-- 
Au nom de l'état, la force s'appelle droit.
Au main de l'individu, elle s'appelle crime.
                        - Max Stirner

Attachment: pgp1auvViPtnP.pgp
Description: PGP signature

Reply to:

References:
- Bug#685575: opentracker debian folder passes lintian
  - From: Roman Valls Guimera <brainstorm@nopcode.org>

Prev by Date: Bug#685575: opentracker debian folder passes lintian
Next by Date: Bug#749815: Package updated
Previous by thread: Bug#685575: opentracker debian folder passes lintian
Next by thread: Bug#685575: opentracker debian folder passes lintian
Index(es):
- Date
- Thread