* Should use system zlib
* virtuoso-t should be installed in /usr/lib since it doesn't run sanely alone in /usr/bin (and lacks a man page)
* Config files (*.cfg) are all out of the local directory. virtuoso-t should only be run from a safe location in a user's home directory where no surprise settings can be injected.
* libsrc/Wi/bif_files.c should be changed to force all the "if (do_os_calls)" checks to fail, regardless of configuration setting. This seems like a dangerous ability for it to have.

There is a lot of memory allocation code, but given how far removed from direct 3rd party data this software will be, I'm relatively comfortable with that. I would, however, expect that this code will need attention during the lifetime of Lucid.

If the above 4 points can be addressed (#3 is actually in nepomuk, I think), this would be okay for main, given that it is a very stripped down version of virtuoso-opensource.

** Changed in: virtuoso-opensource (Ubuntu)
   Importance: Undecided => High

** Changed in: virtuoso-opensource (Ubuntu)
   Status: New => Incomplete

** Changed in: virtuoso-opensource (Ubuntu)
   Assignee: Kees Cook (kees) => Jonathan Riddell (jr)

--
main inclusion request for virtuoso
https://bugs.launchpad.net/bugs/503774