[Secure-testing-team] inject-embedded-code-copies

Raphael Geissert geissert at debian.org
Wed Aug 26 15:25:23 UTC 2009


Hi,

Michael S Gilbert wrote:
> 
> hello, i've noticed that embedded code copies can be troublesome to
> track, so i've developed a script that automatically adds TODOs for
> known code copies to the CVE list.

Nice, thanks.

Some time ago I wrote bin/embedded-cleanup, which performs some syntax
checking and looks for non-existent packages. It would be great if anyone
modifying embedded-code-copies ran it and helped reduce the number of issues
it detects.

Its current output is:

Non-existing package 'gpdf', line:31
Non-existing package 'pdfkit.framework', line:44
Non-existing package 'enblend-fuse', line:130
Non-existing package 'gadu', line:141
Non-existing package 'mozilla-firefox', line:159
Non-existing package 'mozilla-thunderbird', line:160
Non-existing package 'krb4', line:178
Malformed line (195) detected: '- atheme-services'
Malformed line (196) detected: '- libbsd-arc4random-perl'
Malformed line (197) detected: '- isakmpd'
Non-existing package 'usermin', line:242
Non-existing package 'usermin', line:243
Non-existing package 'mad', line:277
Non-existing package 'python-beautifulsoup', line:309
Non-existing package 'evince-gtk', line:431
Non-existing package 'libpawlib2-lesstif', line:435
Non-existing package 'claws-mail-html2-viewer', line:439
Non-existing package 'libpawlib2-lesstif', line:442
Non-existing package 'magic', line:622
Non-existing package 'auth2db-frontend', line:650
Non-existing package 'hobbix', line:667
Non-existing package 'gforge-plugins-extra', line:798
Non-existing package 'claws-mail-vcalendar-plugin', line:804
Non-existing package 'icedove:', line:880
Non-existing package 'firefox', line:885
Non-existing package 'firefox-3.0', line:887
Non-existing package 'firefox-3.1', line:889
Non-existing package 'seamonkey', line:891
Non-existing package 'thunderbird', line:893
Non-existing package 'mozilla-thunderbird', line:895

The firefox, seamonkey and thunderbird ones come from Ubuntu; it seems a
bit odd to me that we are tracking them.

All the script requires is an alioth account so that it can query UDD to
get the list of packages per release.

Michael: by the way, the translate hash of my script may help yours a bit,
but we should in general find a better approach.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net




