
Bug#835975: marked as done (RFS: triops/9.0-1 [ITP])



Your message dated Tue, 30 Aug 2016 09:20:00 +0000 (UTC)
with message-id <968367985.3078962.1472548800239@mail.yahoo.com>
and subject line Re: Bug#835975: RFS: triops/9.0-1 [ITP]
has caused the Debian Bug report #835975,
regarding RFS: triops/9.0-1 [ITP]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
835975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835975
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "triops"

Package name    : triops
Version         : 9.0-1
Upstream Author : Roberto S. Galende <roberto.s.galende@gmail.com>
URL             : http://github.com/circulosmeos/triops
License         : GPL 3
Section         : utils

It builds those binary packages:

triops     - safely and securely encrypt and decrypt files from cmdline

To access further information about this package, please visit the following URL:

https://mentors.debian.net/package/triops


Alternatively, one can download the package with dget using this command:

dget -x https://mentors.debian.net/debian/pool/main/t/triops/triops_9.0-1.dsc

More information about hello can be obtained from https://www.example.com.


Regards,
Roberto S. Galende

--- End Message ---
--- Begin Message ---
Hi Roberto,

(closing this request, sorry)



>       iv->rand1=rand()*rand();


$ flawfinder -Q -c .


./src/triops.c:320:  [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
strcpy (szPassFile, optarg);
./src/triops.c:324:  [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily



$ cppcheck -j1 --quiet -f .
[src/triops.c:734]: (error) Resource leak: hFile
[src/triops.c:772]: (error) Resource leak: hFile
[src/triops.c:1498]: (error) Uninitialized variable: matrix
[src/triops.c:1532]: (error) Uninitialized variable: bytesToTruncate


(everything spotted by check-all-the-things tool)


>makes me think this is very immature and not suitable for Debian at this
>time.
>1) Document the exact algorithm and file format you use.
>2) Have the design and the code reviewed by a cryptography expert.
>3) Write a comprehensive test suite.
>4) Gain a significant user-base.
>

>Then you can think about getting your software into Debian.

yes, exactly this: 0 forks, not many commits, maybe a paper/white paper
about how the tool works might help in getting it reviewed in depth.

I know I'm not adding new value compared to Jakub's review, I'm here
just to close this RFS, to avoid further reviews :)

sorry for closing, feel free to come back when the package
needs a new review

Gianfranco

--- End Message ---
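
A bounded form of the `strcpy (szPassFile, optarg)` call that flawfinder flags in the message above, together with an IV read from the kernel CSPRNG in place of `rand()*rand()`. This is an added example, not code from triops or from either message; `copy_arg`, `fill_iv`, `PASSFILE_MAX` and the 8-byte IV length are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PASSFILE_MAX 256 /* assumed size; the page does not show the real buffer */

/* Bounded replacement for strcpy(szPassFile, optarg): returns 0 on success,
 * -1 (leaving dst empty) when src does not fit. It refuses rather than
 * truncates, so a clipped path can never name a different file. */
int copy_arg(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    size_t len = strlen(src);      /* argv strings are NUL-terminated */
    if (len >= dstsize)            /* no room for the terminator */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Fill an IV from the kernel CSPRNG instead of rand()*rand().
 * Returns 0 on success, -1 on open failure or short read. */
int fill_iv(unsigned char *iv, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(iv, 1, len, f);
    fclose(f);                     /* closed on every path, no handle leak */
    return got == len ? 0 : -1;
}

int main(int argc, char **argv)
{
    char szPassFile[PASSFILE_MAX];
    unsigned char iv[8];           /* assumed IV length */

    if (argc < 2 || copy_arg(szPassFile, sizeof szPassFile, argv[1]) != 0) {
        fprintf(stderr, "password file path missing or too long\n");
        return 1;
    }
    if (fill_iv(iv, sizeof iv) != 0) {
        fprintf(stderr, "cannot read /dev/urandom\n");
        return 1;
    }
    printf("password file: %s\n", szPassFile);
    return 0;
}
```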
