Comment 3 for bug 2002818

Revision history for this message
Mark Esler (eslerm) wrote :

I reviewed mdurl 0.1.1-2 as checked into kinetic. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

> URL utilities for markdown-it (a Python port)

- CVE History:
  - none
- Build-Depends?
  - lunar main
     - debhelper-compat (debhelper)
     - python3-all (python3-defaults)
  - lunar universe
    - dh-python
    - flit
    - pybuild-plugin-pyproject
    - python3-pytest (dh-python)
- pre/post inst/rm scripts?
  - yes, standard prerm and postinst generated by dh-python
- init scripts?
  - none
- systemd units?
  - none
- dbus services?
  - none
- setuid binaries?
  - none
- binaries in PATH?
  - none
- sudo fragments?
  - none
- polkit files?
  - none
- udev rules?
  - none
- unit tests / autopkgtests?
  - runs build tests
  - not all decode tests have been implemented
    - https://github.com/executablebooks/mdurl/issues/2
  - recent lunar autopkgtests failing
- cron jobs?
  - none
- Build logs:
  - nothing significant

- Processes spawned?
  - none
- Memory management?
  - standard python
- File IO?
  - none
- Logging?
  - none
- Environment variable usage?
  - none
- Use of privileged functions?
  - none
- Use of cryptography / random number sources etc?
  - none
- Use of temp files?
  - none
- Use of networking?
  - none
- Use of WebKit?
  - none
- Use of PolicyKit?
  - none

- Any significant cppcheck results?
  - none
- Any significant Coverity results?
  - none
- Any significant shellcheck results?
  - none
- Any significant bandit results?
  - none

Security team ACK for promoting mdurl to main, after Foundations is satisfied with autopkgtests.