This is only a very rudimentary review. I don't have time to review this properly for the time being. Anybody else is welcome to do it for me. :)

* Vasudev Kamath <kamathvasu...@gmail.com>, 2012-07-29, 22:27:
   dget -x http://mentors.debian.net/debian/pool/main/s/suckless-tools/suckless-tools_39-1.dsc

 More information about hello can be obtained from http://www.example.com.

 Changes since the last upload:

suckless-tools (39-1) unstable; urgency=low

It doesn't look like it's suitable for wheezy, so please make it s/unstable/experimental/.

 [ Michael Stummvoll ]
 * New Maintainer (Closes: #647090)

[0]

 [ Vasudev Kamath ]
 * Imported new version of slock (Closes: #667796)

This fixes a security issue, so please mention the CVE number in the changelog.

   + Added myself as maintainer and Michael Stummvoll as Uploader

I'd merge this item with [0].

   + Added dependency on dpkg-dev >= 1.16.1.1

It'd be nice to mention why it's needed.

+This package contains a set of tools from suckless community as
+single package. To build the package you need to create source
+tarballs of individual tool component involved. This can be done
+by running following command from suckless-tools folder
+
+ fakeroot debian/rules get-orig-source

Why fakeroot?

+Forwarded: <no|not-needed|url proving that it has been forwarded>

Please choose one. :)

+-$ $(tabbed -d >/tmp/tabbed.xid); urxvt -embed $(</tmp/tabbed.xid);
++$ $(tabbed \-d >/tmp/tabbed.xid); urxvt \-embed $(</tmp/tabbed.xid);
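
Review bot: The fixed path /tmp/tabbed.xid in the documented example is written and then read back with $(</tmp/tabbed.xid), so on a multi-user system another local user can pre-create that name (as a file they own or as a symlink) and control what gets overwritten or which window id urxvt receives. Since the line is being touched anyway, the example should use a file created with mktemp, or one in a directory only the user can write to, in place of the hard-coded name in /tmp.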

If you're fixing this, please also fix the security hole (insecure use of temporary files).

+override_dh_installdocs:
+       dh_installdocs
+       for TOOL in $(TOOLS); \
+       do \
+               cp $${TOOL}/README 
$(D)/usr/share/doc/suckless-tools/README.$${TOOL}; \
+       done
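
Review bot: In the override_dh_installdocs loop the exit status of the whole for statement is that of its last iteration, so a failed cp for any tool other than the last one is silently ignored and the build carries on with a README missing. Starting the command with "set -e;" before the "for" makes the first failing cp abort the target.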

This for loop needs a "set -e"; see Policy §4.6. I see other parts of debian/rules have the same problem.

+       @cd /tmp
+       @tar -cvf - suckless-tools_$(CURRENT_VERSION) 2> /dev/null | gzip -9 > 
../suckless-tools_$(CURRENT_VERSION).orig.tar.gz
+       @rm -rf /tmp/suckless-tools_$(CURRENT_VERSION)
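
Review bot: The recipe builds the tarball from /tmp/suckless-tools_$(CURRENT_VERSION), a name anyone can predict and pre-create in the world-writable /tmp, and the closing "rm -rf" then runs on that same path. Stage the tree in a directory created with "mktemp -d" and remove it through that variable. Also, "@cd /tmp" stands on its own recipe line, and by default make runs each recipe line in a separate shell, so the directory change does not carry over to the tar line; the cd, tar and rm need to be joined into one shell command with "&&" and backslash continuations. The "2> /dev/null" together with the pipe into gzip additionally hides a tar failure.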

This creates temporary files insecurely.

--
Jakub Wilk

