[Pkg-security-team] Review of ncrack and t50

Raphael Hertzog hertzog at debian.org
Thu Jul 21 13:27:14 UTC 2016


Hello Marcos,

I took a look at ncrack and t50. Here are my comments and questions. Please
address them and I will upload the packages. Feel free to ask questions
if you have any.

For ncrack first:
* why is there a Depends on python and Build-Depends on python-all-dev?
  can we get rid of them?
* same question for all other build dependencies except libssl-dev in
  fact...
* there are remaining typos that can be fixed:
I: ncrack: spelling-error-in-binary usr/bin/ncrack guage gauge
I: ncrack: spelling-error-in-binary usr/bin/ncrack addres address
* debian/control: use "optional" instead of "extra" as priority, extra
  is only for packages that are alternatives for some other optional package
* debian/copyright: the license is basically the GPL but with exceptions,
  I wonder if we must mark it that way instead of "Other", it would probably
  also make sense to add a sentence referring to /usr/share/common-licenses/GPL-2
  You should also update the list of copyright holders for "debian/*" to include
  all persons who worked on the package.
* please forward the typo patches to the upstream developers and mark
  the patch as forwarded (using DEP-3 headers).

For t50:
* why do you override dh_strip in the way you do it?
* "dh $@ --with-autoreconf" should be "dh $@ --with autoreconf"
* don't set DH_VERBOSE=1 by default
* drop the boilerplate comments in debian/rules (line 1 to 7)
* clean up debian/changelog, it contains unneeded "[ Marcos Fouces ]" and "[ Marcos ]"
  since you were the only one working on it
* add DEP-3 headers to debian/patches/fix-spelling-errors.patch
  and forward the patch upstream (likely with a pull request here:
  https://github.com/fredericopissarra/t50/pulls)
* debian/copyright: Source still mentions t50.sourceforge.net but everywhere
  else you mentioned https://github.com/fredericopissarra/t50
  maybe use the same everywhere if sf.net is obsolete...
* debian/copyright: update the copyright holders for the main code,
  it seems to be "2010 - 2015 - T50 developers" everywhere now.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/


