Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Out of my curiosity/ignorance, have you considered Dehydra and Treehydra of Mozilla for inclusion? On Tue, Dec 21, 2010 at 4:13 AM, Raphael Geissert wrote: > Hi, > > Javier Fernández-Sanguino Peña wrote: > >> On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote: >>> = What is there for everyone? = >>> >>> At the moment there are only partial reports from two tools, but the list >>> of tools to be evaluated and possibly included goes over twenty. >> >> I would be glad if the tools included some security auditing tools such >> as: >> >> + Available as Debian packages >> - RATS: security auditing utility for C, C++, PHP, Perl, and Python >> code >> - Flawfinder: securty flaw search tool for C/C++ source code > > To be honest, the results of both tools are usually just noise and it would > be better if the C/C++ checks that are not implemented by cppcheck were > contributed. > I'm not opposed to running them either, but they will be down on my To-Do > list. If anyone has a few minutes to come up with the right scripts and > tweaks to the web reports, please subscribe and email the daca- > de...@lists.alioth.d.o list. > >> - Split: a tool for statically checking C programs for bugs > > Splint has better results than rats and flawfinder, but the same arguments > apply. > >> - Jlint: Tool to check Java code for bugs, inconsistencies and >> synchronization problems >> >> + There are some other static security analysis currently not available >> in Debian, such as: >> - FindBugs: a tool for static analysis of Java code >> http://findbugs.sourceforge.net/ >> - JCSC: Java source code checker - http://jcsc.sourceforge.net/ >> - PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/ >> >> As Debian is getting more java code in now it would be worth it to have >> some Jave tools in the toolbox too. > > Niels Thykier said he would look into the java stuff, so that's probably > covered (if more people want to join, they are of course welcome.) > > Thanks for your email. > > Cheers, > -- > Raphael Geissert - Debian Developer > www.debian.org - get.debian.net > > > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4d0ff7ed.0421970a.166e.6...@mx.google.com > > -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktim4arlb_t-+cpdy8mvo5aqresizmsxk22cmp...@mail.gmail.com
Re: "Waqf" General Public License in Debian?
On Fri, Jul 2, 2010 at 4:27 PM, Matthias Klumpp wrote: > On Fri, 2 Jul 2010 16:12:55 +0430, Mohammad Ebrahim Mohammadi Panah > wrote: >> On Fri, Jul 2, 2010 at 3:55 PM, Christoph Anton Mitterer >> wrote: >>>> Oh suure. "We are all about freedom, but please no religional >>>> stuff. Oh, and while we are at, get away with porn. And alcohol is bad >>>> too, anything that can help people there, get away." >>>> Thats not how it works, we cant ask anyone putting things in main to > not >>>> discriminate against persons/groups/fields and then discriminate on our >>>> own. >>> I guess it's quite easy for to judge things like this using common >>> sense... >> >> I don't think my common sense is anything near yours. Isn't Debian >> supposed to be for all of us? > I think this is not the question at all. I clearly agree with adding > packages related to religious stuff, and this application has a right to be > in Debian too. But there is this serious problem with the license: Relying > on "Islamic laws" is not acceptable. The license text is full of references > to prophets sayings and "permissive principles of Islam". I don't thing > this is compliant with the DFSG, cause it does not explain clear enough > what you can do with the software and even Muslims have do argue about it. > In my opinion relying on religious stuff in licenses should not be > permitted. If upstream chooses a BSD-style license etc. there should be no > problem to accept this upload. > I think the ftp-masters will do the right thing too, but I'm sure they need > to think a lot about it before they make a decision. > I said that saying assuming we're talking about including it in non-free. I completely agree it cannot be in main. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktiledqncwlzktwnnlmgna1p-iquise4liwjlt...@mail.gmail.com
Re: "Waqf" General Public License in Debian?
On Fri, Jul 2, 2010 at 3:55 PM, Christoph Anton Mitterer wrote: >> Oh suure. "We are all about freedom, but please no religional >> stuff. Oh, and while we are at, get away with porn. And alcohol is bad >> too, anything that can help people there, get away." >> Thats not how it works, we cant ask anyone putting things in main to not >> discriminate against persons/groups/fields and then discriminate on our >> own. > I guess it's quite easy for to judge things like this using common > sense... I don't think my common sense is anything near yours. Isn't Debian supposed to be for all of us? -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktimsydat7eu9nrnwl_sajzcz0vklew5gxblyx...@mail.gmail.com
Re: A lot of pending packages
I'm not still a DD, and I would like to have an easier way to get my packages into Debian. But I'm afraid by opening up the experimental section, quality will be sacrificed. Just look at quality of some packages in universe of Ubuntu. Some of them even don't have a reasonable summary! On Fri, Jun 11, 2010 at 4:43 AM, Jordan Metzmeier wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 06/10/2010 06:01 PM, Thomas Goirand wrote: > > Petter Reinholdtsen wrote: > > My 2nd suggestion is coming from the Maemo platform (the OS behind > > the Nokia n900 that is Debian based). In Maemo, there is a "devel" > > repository that includes apps that aren't necessarily in good shape. The > > users know that fact when they are adding the repository which contains > > packages that are not necessarily as tested, and wont complain. > > > > Isn't this already called experimental? If not, how would it differ? > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.9 (GNU/Linux) > > iQIcBAEBCAAGBQJMEX+zAAoJEKj/C3qNthmTs2gP/At420Y2EMm80++NEPftTAy4 > HuRdWwIpKQ7diwWKkqeSsYVSFtFA52MAYn/Us+nTE/M7IYVf5gxjiwuL4JClFAxW > /IjZ3lhd6jnYmAUVWhIWpxg5WJhjkMwDxIsjBdIbeAgUD7OMI38VaXuwOh1hGzo0 > x5RiY3/jiiVKrZdb07uqGigvPuF8B2lNP0c5zePHeNl/Syt9uA4GO/wrzCLsZz1x > O2Vs2ng9N5pxWTLw2T61cRC9dynEhZeqQlhbqVaSIuw7xCTJQPh1L4/awVXHXp60 > /Q2oc2pMjfAFtI/noAqPbhH+tWeRq1P2+JePEopRkVT0KZA4o8qDo0PrXH4am5xq > CSczIY2Hq3sc/ZT3eEnB1LflT3Tj2vJYjowo2XG5Ua2nvcEru9M49kiQlLYXCLj0 > wc/fFAXc6+VPHEUGdBk417dYPbipH7WKPkleyglv9DJDxRljIg1LYVVQZyQ9XDCo > b05b5Rh/Kyq0JN0G1aUF4roOOGYoTTLPSbkheH5OO6BhhcOfUUZKO4mA8hcm4gxQ > v45cflqyHJHE5UY2sIE3WpMYWC2fVuM+NQAk6Vlk3bUh43EPtHqLE8VwVZEAiKDz > /baPfEEFohz2bf0q8lfrE+rdFFEwQz8P/CajGf3xs45bLTMdU0ZlAlMLAii4Bzrc > IV/FeK0utzNYrEHLDsEm > =IiwS > -END PGP SIGNATURE- > > > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4c117fb8.10...@gmail.com > -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktikyvi5ftkcrs3oh1gldkeirffubkx4woqttt...@mail.gmail.com
Bug#507918: ITP: drraw -- A simple web based presentation front-end for RRDtool
Package: wnpp Severity: wishlist Owner: Mohammad Ebrahim Mohammadi Panah <[EMAIL PROTECTED]> * Package name: drraw Version : 2.1.3 Upstream Author : Christophe Kalt <[EMAIL PROTECTED]> * URL : http://web.taranis.org/drraw/ * License : BSD Programming Lang: Perl Description : A simple web based presentation front-end for RRDtool drraw is a simple web based presentation front-end for RRDtool that allows you to interactively build graphs of your own design. A graph definition can be turned into a template which may be applied to many Round Robin Database files. drraw specializes in providing an easy mean of displaying data stored with RRDtool and does not care about how the data is collected, making it a great complement to other RRDtool front-ends. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (800, 'unstable'), (700, 'experimental'), (600, 'testing') Architecture: amd64 (x86_64) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
