Your message dated Tue, 30 Aug 2016 09:20:00 +0000 (UTC)
with message-id <968367985.3078962.1472548800...@mail.yahoo.com>
and subject line Re: Bug#835975: RFS: triops/9.0-1 [ITP]
has caused the Debian Bug report #835975,
regarding RFS: triops/9.0-1 [ITP]
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
835975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "triops"

Package name    : triops
Version         : 9.0-1
Upstream Author : Roberto S. Galende <roberto.s.gale...@gmail.com>
URL             : http://github.com/circulosmeos/triops
License         : GPL 3
Section         : utils

It builds those binary packages:

triops     - safely and securely encrypt and decrypt files from cmdline

To access further information about this package, please visit the
following URL:

https://mentors.debian.net/package/triops


Alternatively, one can download the package with dget using this command:

dget -x
https://mentors.debian.net/debian/pool/main/t/triops/triops_9.0-1.dsc

More information about hello can be obtained from https://www.example.com.


Regards,
Roberto S. Galende

--- End Message ---
--- Begin Message ---
Hi Roberto,

(closing this request, sorry)



>       iv->rand1=rand()*rand();


$ flawfinder -Q -c .


./src/triops.c:320:  [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily
misused).
strcpy (szPassFile, optarg);
./src/triops.c:324:  [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Consider using strcpy_s, strncpy, or strlcpy (warning, strncpy is easily



$ cppcheck -j1 --quiet -f .
[src/triops.c:734]: (error) Resource leak: hFile
[src/triops.c:772]: (error) Resource leak: hFile
[src/triops.c:1498]: (error) Uninitialized variable: matrix
[src/triops.c:1532]: (error) Uninitialized variable: bytesToTruncate


(everything spotted by check-all-the-things tool)


>makes me think this is very immature and not suitable for Debian at this >time.
>1) Document the exact algorithm and file format you use.
>2) Have the design and the code reviewed by a cryptography expert.
>3) Write a comprehensive test suite.
>4) Gain a significant user-base.
>

>Then you can think about getting your software into Debian.

yes, exactly this: 0 forks, not many commits, maybe a paper/white paper
about how the tool works might help in getting it reviewed in dept.

I know I'm not adding new value compared to Jakub review, I'm here
just to close this RFS, to avoid further reviews :)

sorry for closing, feel free to come back when the package
needs a new review

Gianfranco

--- End Message ---

Reply via email to