Dear Debian People, I ITPed a package which unfortunately ended up not providing original sources (sources everybody gets were indentation removed). Unreasonable denial of providing original source forced me to question good intent of the author to provide useful and spam/crap-free software. Since I could not possibly to examine that code, I've decided to look at other software written by the same author, and which has original source code, which probably nobody else ever examined anyways.
The question is: are there any helper tools for doing source code validation subject to possibly available snippets of code which might be for illegal activity (ie sending out private information, or serve as backdoors, etc)? May be some language specific tools (JS, Java, python) which could catch snippets intended for data transmission/receival? Sniffing of the traffic of running app is an effective utility but can't always apply (I could write a code which sends out information only once in a month on a random date/time, I doubt that anyone would monitor/analyze all the monthly traffic to catch me), especially if a particular application is an extension to the bigger application (like mozilla products' extensions). Especially it becomes a hard task in checking extensions to Internet appliances such as web-browsers, which can provide reach API for the purpose of data transmission/receipt, and packets from a specific extension would be buried in the rest of the traffic coming out from the application. -- .-. =------------------------------ /v\ ----------------------------= Keep in touch // \\ (yoh@|www.)onerussian.com Yaroslav Halchenko /( )\ ICQ#: 60653192 Linux User ^^-^^ [175555] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]