Here are the notes I took while reviewing this package:

About the source code:
uwsgi_calloc() re-introduces integer overflow bugs
cppcheck results are entirely false positives

About the Debian packaging:
cdbs is unfortunate
gbp is difficult to work with
there's a huge number of binary packages
complex Depends, Suggests, Replaces, Conflicts, Provides
different binary packages have different supported architectures


I really liked the documentation, and it felt like there was a lot to recommend 
this service, but the huge amount of complexity and highly intricate memory 
management felt very likely to have security issues.

To be clear I didn't find any security issues: it's just that moving
memory chunks across consumers and producers as this program does is
notoriously difficult to keep correct under maintenance.

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1820227

Title:
  [MIR] uwsgi as dependency of mailman3

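An added example (not part of the original message, and not uwsgi's code) of how a calloc-style wrapper can reintroduce integer overflow. It assumes a wrapper that takes a single byte count, so the count * size multiplication that calloc() checks internally moves to the caller; all function names here are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical single-argument zeroing allocator (assumed shape, not uwsgi's). */
void *zalloc_bytes(size_t size) {
    void *p = malloc(size);
    if (p) memset(p, 0, size);
    return p;
}

/* Weak pattern: the caller multiplies first, so the product wraps silently
 * and the allocator is asked for far fewer bytes than the caller will use. */
size_t unchecked_bytes(size_t count, size_t elem) {
    return count * elem;
}

/* Hardened pattern: reject the request when count * elem exceeds SIZE_MAX. */
int checked_bytes(size_t count, size_t elem, size_t *out) {
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Array allocator that keeps calloc()'s guarantee: NULL on overflow. */
void *zalloc_array(size_t count, size_t elem) {
    size_t total;
    if (checked_bytes(count, elem, &total) != 0)
        return NULL;
    return zalloc_bytes(total);
}

int main(void) {
    /* Constructed input: an element count chosen so count * 16 wraps. */
    size_t count = SIZE_MAX / 16 + 2, elem = 16;

    printf("weak pattern requests %zu bytes for %zu elements\n",
           unchecked_bytes(count, elem), count);

    void *p = zalloc_array(count, elem);
    printf("hardened allocator returns %s\n", p ? "a buffer" : "NULL");
    free(p);
    return 0;
}
```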