Bug#864241: RFS: pnmixer/0.7.2-1 -- Simple mixer application for system tray

[Paul Wise <pabs@debian.org>]

On Mon, Jun 5, 2017 at 11:35 PM, Arnaud wrote:

> mentors.debian.net says there's a problem. I'm not sure what's wrong.

Probably due to the old version of uscan it uses.

> The package is now built with `gbp` from a git tag. I guess it fixes the problem.

Please verify that is the case.

> I have no idea where are the source images, when I jumped in PNMixer development there was only the PNG files, and I don't think the XCF files will ever be found.

That is a shame, you might want to mention in the README that the XCF
files were lost so now any modifications will be to the PNG files.

>> Instead of g_spawn_command_line_async() you should use g_spawn_async().
>
> Sorry, disagreeing on this one, g_spawn_command_line_async() is definitely what I want to use, it's the right tool for the job.

Looking more closely it seems I was wrong and the
g_spawn_command_line*() functions are actually safe. I had assumed
they would run the command-line by using the shell, which could mean
shell metacharacter injection attacks.

> And if the implementation is bad and uses too many pid, no worries.

I think you may have misunderstood the point of my blog post, it is
more about shell metacharacter injection attacks.

> Fixed a few things, but there's way too much stuff there, I didn't take time to look through everything. For the next release :)

Please consider running lintian/check-all-the-things/etc as often as
you can (such as before each release or before every commit) and
chipping away at the issues when you have time.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise