MIR review for libprelude:
* Builds fine with only main enabled
* Has a test suite and it is enabled in the build
* No Ubuntu delta
* dh_makeshlibs is used, but not dh_makeshlibs -V (would be nice to have this in Debian)
* Has debian/watch file
* Update history is slow, but there isn't really much to do
* The current release is not packaged. 1.0.1 is available, but it only has 2 bug fixes
* Will entering main make it harder for the people currently keeping it up to date? No; it should be possible to just sync
* Lintian warnings (lintian ../source/*dsc ../binary/*.deb)
* Is debian/rules a mess? it's fine
* There are warnings during the build, but they shouldn't be a problem (in the testsuite: setting variables but not using them, unused functions, etc)
* Incautious use of malloc/sprintf: spot checked various places and it seems fine; return codes are checked, string operations are ok
* Uses of sudo (see audit-packaging.sh) or LD_LIBRARY_PATH (see audit-code.sh)
* Important bugs (crashers, etc) in Debian or Ubuntu: no
* Does the package have a CVE history? no
* binaries are compiled with PIE
* No initscripts/upstart jobs, dbus services, setuid/fscaps, sudo, cron jobs
* Use of chown() suggests privileged operations, but this seems to be under the control of the admin (i.e., no network service processes untrusted input)
Nothing in this review suggests it needs a security audit. ACK
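The PIE and setuid/fscaps items above are normally checked with hardening-check, readelf -h and find -perm over the unpacked binary packages. As an added example (not part of this review and not libprelude code), the script below does the two checks itself: it parses the ELF header and program headers to tell a PIE (ET_DYN with a PT_INTERP segment) from a plain shared library (ET_DYN without one) and from a fixed-address ET_EXEC binary, and it walks a directory tree reporting setuid/setgid bits. Checking e_type alone is not enough, because every .so is also ET_DYN. The build_elf64() helper, demo_tree() and every file name it creates are constructed test data, not real package contents; the script does not inspect file capabilities, which need the security.capability xattr (getcap), and the PT_INTERP rule is a heuristic (newer toolchains also set DF_1_PIE in DT_FLAGS_1).

```python
import os
import stat
import struct
import sys
import tempfile

# ELF constants from the ELF specification
ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_INTERP = 1, 3


def classify_elf(data: bytes) -> str:
    """Return 'pie', 'non-pie', 'shared-object', 'other' or 'not-elf'.

    A PIE is an ET_DYN image that also carries a PT_INTERP program header
    (it is started by the dynamic loader); ET_DYN without PT_INTERP is an
    ordinary shared library; ET_EXEC is a fixed-address, non-PIE executable.
    """
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        return "not-elf"
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"          # ELFDATA2LSB vs ELFDATA2MSB
    if ei_class == 2 and len(data) >= 64:        # ELFCLASS64
        (e_type,) = struct.unpack_from(end + "H", data, 16)
        (e_phoff,) = struct.unpack_from(end + "Q", data, 32)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    elif ei_class == 1:                          # ELFCLASS32
        (e_type,) = struct.unpack_from(end + "H", data, 16)
        (e_phoff,) = struct.unpack_from(end + "I", data, 28)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    else:
        return "not-elf"
    if e_type == ET_EXEC:
        return "non-pie"
    if e_type != ET_DYN:
        return "other"                           # ET_REL object or ET_CORE dump
    # p_type is the first u32 of a program header in both ELF classes
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_INTERP:
            return "pie"
    return "shared-object"


def build_elf64(e_type: int, with_interp: bool) -> bytes:
    """Constructed sample: a minimal little-endian ELF64 image (header plus
    program headers) with just enough structure for classify_elf(). It is
    test data, not a runnable binary."""
    phdrs = ([PT_INTERP] if with_interp else []) + [PT_LOAD]
    ehsize, phentsize = 64, 56
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0, 0]) + b"\0" * 7
    header = e_ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0x1000,
                                   ehsize, 0, 0, ehsize, phentsize,
                                   len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", p, 4, 0, 0, 0, 0, 0, 1)
                    for p in phdrs)
    return header + body


def scan_tree(root: str):
    """Walk an unpacked package tree; return (relative path, ELF class,
    setuid-or-setgid) for every regular file, sorted by path."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                         # skip symlinks, devices, ...
            with open(path, "rb") as fh:
                kind = classify_elf(fh.read(4096))   # headers sit at the front
            privileged = bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID))
            findings.append((os.path.relpath(path, root), kind, privileged))
    return sorted(findings)


def summarize(findings):
    """The two things a reviewer flags: executables not built as PIE, and
    files carrying a setuid/setgid bit."""
    return {"non_pie": [p for p, kind, _ in findings if kind == "non-pie"],
            "setuid": [p for p, _, priv in findings if priv]}


def demo_tree() -> str:
    """Throwaway directory of constructed sample files (hypothetical names,
    not a real package) so the scanner can be run offline."""
    root = tempfile.mkdtemp(prefix="mir-demo-")
    samples = {
        "usr/bin/good-tool": (build_elf64(ET_DYN, True), 0o755),
        "usr/bin/legacy-tool": (build_elf64(ET_EXEC, True), 0o4755),
        "usr/lib/libsample.so.0": (build_elf64(ET_DYN, False), 0o644),
        "usr/bin/wrapper.sh": (b'#!/bin/sh\nexec legacy-tool "$@"\n', 0o755),
    }
    for rel, (payload, mode) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(payload)
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else demo_tree()
    findings = scan_tree(root)
    for rel, kind, priv in findings:
        print(f"{rel:32} {kind:14} {'setuid/setgid' if priv else ''}")
    print(summarize(findings))
```

Run it with the path of an unpacked .deb (dpkg-deb -x) as the argument; with no argument it scans the constructed demo tree, where usr/bin/legacy-tool shows up as both non-PIE and setuid. Reading only the first 4096 bytes is enough because the program header table normally follows the ELF header directly.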