I reviewed python-service-identity version 1.0.0-0ubuntu1 as checked into utopic. This shouldn't be considered a full security audit but rather a quick gauge of maintainability.

- python-service-identity provides RFC 6125 verification of dNSName, uniformResourceIdentifier, otherName types of subjectAltName extensions in X.509 certificates.
- Build-Depends: debhelper, dh-python, python-all, python-setuptools, python-openssl, python-pyasn1-modules, python-characteristic, python-pytest, python3-all-dev, python3-setuptools, python3-openssl, python3-pyasn1-modules, python3-characteristic, python3-pytest
- Uses OpenSSL
- Does not itself use networking
- Does not daemonize
- May run as a system user
- No maintainer scripts
- No initscripts
- No dbus services
- No setuid files
- No new binaries
- No sudo fragments
- No udev rules
- Good test suite -- but does not run during build
- No cron jobs
- Build logs clean
- No processes spawned
- No memory management
- No files written
- No logging
- No environment variables
- No privileged portions of code
- Extensive X.509 parsing
  Since the comparisons are made using python byte streams, I believe the classical nul character attack won't give incorrect results.
- Does not itself do networking
- No temporary files
- No webkit
- No javascript
- Clean pyflakes
- No PolicyKit

This package is relatively new and performs relatively complex operations; however, the coding style is clear and concise, upstream has published security contacts and intends to not break published APIs.

Please investigate why the tests report "Ran 0 tests in 0.000s". The tests look extensive; we should make sure they run at build time.

Once the tests are addressed, security team ACK for promoting python-service-identity to main.

Thanks

** Changed in: python-service-identity (Ubuntu)
   Assignee: Seth Arnold (seth-arnold) => (unassigned)

https://bugs.launchpad.net/bugs/1349119

Title:
  [MIR] new dependencies for twisted