** Description changed: In order to check the signature of click package we want to use the debsig-verify tool. Because clicks and debs are similar we can use debsig-verify with a appropriate policy to do the verifications. This MIR covers the tool itself, the policy will be put into a seperate package (much like the ubuntu-keyring package). - Availability: + Availability: - available in ubuntu universe and debian unstable Security: - - security is checked + - I did a code audit and the code looks good to me + - I also wrote a bunch of integration tests in the lp:~mvo/click/debsigs-verify that tests various ways of attacking the system and ensures its robust + - AFAIK there was no review from the security team yet Quality assurance: - utility that gets the configuration via a click-store-policy package so no configuration required in the package itself - no debconf question - - no long term open bugs (just 1 open bug in ubuntu, no open bugs in debian) + - no long term open bugs (just 1 open bug in ubuntu, no open bugs in debian) - the package is is well maintainedsince some months, it used to be orphaned but Guillem Jover picked it up and it already got two uploads since June - its a native package so no debian/watch files UI standards: (generally only for user-facing applications) - no UI, just CLI Dependencies: - all binary/source dependencies are in main - follows FHS/debian policy - Maintenance: + Maintenance: - there is a active maintainer Background information: - the purpose of the package should be well explained in the description Security checks - no vulnerabilities yet - no suid, /sbin, ports, daemons or plugins
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1358272 Title: [MIR] debsig-verify To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debsig-verify/+bug/1358272/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
