I reviewed python-nacl version 1.1.2-1build1 as checked into bionic. This
isn't a full security audit but rather a quick gauge of maintainability.

- No CVEs in our database
- python-nacl is a shim to the libsodium library

- Build-Depends: debhelper, dh-python, libsodium-dev, python-all-dev,
  python-cffi, python-pytest, python-setuptools, python-six,
  python3-all-dev, python3-cffi, python3-pytest, python3-setuptools,
  python3-six, python3-sphinx,
- Does not daemonize
- pre/post inst/rm scripts automatically generated
- No init scripts
- No systemd unit / service files
- No DBus services
- No setuid files
- No binaries in main
- No sudo fragments
- No udev rules
- Large test suite run during the build
- No cron jobs
- Build logs have an error that seems to indicate an attempt to build
  documentation based on network-reached assets:

  > loading intersphinx inventory from http://docs.python.org/objects.inv...
  > WARNING: failed to reach any of the inventories with the following issues:
  > WARNING: intersphinx inventory 'http://docs.python.org/objects.inv' not fetchable due to <class 'requests.exceptions.ProxyError'>: ('intersphinx inventory %r not fetchable due to %s: %s', 'http://docs.python.org/objects.inv', <class 'requests.exceptions.ProxyError'>, ProxyError(...))

- No subprocesses spawned
- No file IO
- Memory management looked careful
- Logging looked careful
- No environment variable use
- Extensive cryptography -- but all wrappers
- No privileged functions
- No privileged portions of code
- No temporary files
- No WebKit use
- No JavaScript use
- No PolicyKit use

python-nacl is a straightforward FFI shim with good error checking and
a test suite with over 4000 tests. (I didn't inspect the tests, but it
surely sounds promising.)

Security team ACK for promoting python-nacl to main.

Thanks


** Changed in: python-nacl (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1747460

Title:
  [MIR] py-macaroon-bakery, protobuf, pyrfc3339
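The items ticked off in the review above (setuid files, init scripts, systemd units, DBus services, sudo fragments, udev rules, cron jobs) can be checked mechanically against an unpacked package tree. The script below is an added example written for this page; it is not the Ubuntu security team's MIR tooling and is not part of python-nacl. The path list, the finding labels, and the two constructed sample trees (one shaped roughly like a pure-Python package with a single extension module, one deliberately noisy) are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not the Ubuntu security team's tooling): scan an unpacked
# package tree for the privileged integration points an MIR review asks about.
# Prints one "label: relative/path" line per finding and nothing for a clean tree.

mir_scan() {
    root=${1%/}
    # setuid/setgid files anywhere in the tree
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        sed "s|^$root/|setuid-setgid: |"
    # path-based checks: one "label glob" pair per line, globs relative to root.
    # This list is an illustrative assumption, not an authoritative policy.
    while read -r label pattern; do
        for f in "$root"/$pattern; do
            if [ -e "$f" ]; then
                printf '%s: %s\n' "$label" "${f#$root/}"
            fi
        done
    done <<EOF
init-script etc/init.d/*
systemd-unit lib/systemd/system/*
systemd-unit usr/lib/systemd/system/*
dbus-service usr/share/dbus-1/system-services/*
dbus-policy etc/dbus-1/system.d/*
sudo-fragment etc/sudoers.d/*
udev-rule lib/udev/rules.d/*
udev-rule etc/udev/rules.d/*
cron-job etc/cron.d/*
cron-job etc/cron.daily/*
cron-job etc/cron.hourly/*
cron-job etc/cron.weekly/*
EOF
    return 0
}

# Number of findings, as a single integer (0 means the tree is clean).
mir_count() {
    mir_scan "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: a pure-Python package with one extension module
# and documentation, nothing privileged. File names are illustrative only.
make_clean_tree() {
    mkdir -p "$1/usr/lib/python3/dist-packages/nacl" "$1/usr/share/doc/python3-nacl"
    : > "$1/usr/lib/python3/dist-packages/nacl/__init__.py"
    : > "$1/usr/lib/python3/dist-packages/nacl/_sodium.so"
    : > "$1/usr/share/doc/python3-nacl/copyright"
}

# Constructed sample tree that would fail the checklist: a setuid helper,
# a systemd unit, a cron job and a sudoers fragment (4 findings).
make_noisy_tree() {
    make_clean_tree "$1"
    mkdir -p "$1/usr/bin" "$1/lib/systemd/system" "$1/etc/cron.d" "$1/etc/sudoers.d"
    : > "$1/usr/bin/helper"
    chmod 4755 "$1/usr/bin/helper"
    : > "$1/lib/systemd/system/helper.service"
    : > "$1/etc/cron.d/helper"
    : > "$1/etc/sudoers.d/helper"
}

# Usage: sh mir_scan.sh /path/to/unpacked/tree
# Prints findings and exits non-zero if there are any.
if [ -n "${1:-}" ]; then
    mir_scan "$1"
    [ "$(mir_count "$1")" -eq 0 ]
fi
```

Run it against the contents of an unpacked .deb (for example the directory left by `dpkg-deb -x`). A zero count is only a first filter: it says nothing about what the package's own code does, which is why the review above still reads the source for subprocess use, file I/O, and environment handling.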
