Comment 7 for bug 1817327

Alex Murray (alexmurray) wrote :

python-libnacl is a thin python wrapper over the libsodium C library,
using ctypes to interact with libsodium. I reviewed python-libnacl
1.4.5-0ubuntu1 from xenial. This shouldn't be considered a full security
audit but rather a quick check of maintainability. Furthermore this is
not an audit of the fitness for purpose of the cryptography in
libsodium.

- No CVE history in our database
- Depends:
  - debhelper, dh-python, libsodium-dev, pkg-config, python, python-all,
    python-nose, python-setuptools, python3, python3-all, python3-nose,
    python3-setuptools
  - Nothing out of the ordinary for a python package, in particular uses
    libsodium for all the heavy lifting
- Does not itself do networking
- Does not daemonize
- No pre/post inst/rm
- No init scripts
- No dbus services
- No setuid files
- No binaries in the PATH
- No sudo fragments
- No udev rules
- A test suite is run during the build
- No cron jobs
- Clean build logs

- No subprocesses spawned
- Uses file IO for storing keys, umask is appropriately set to ensure
  0400 permissions on resulting files
  - Files are parsed as either json or msgpack (no dependency on
    python-msgpack so could this be abused at runtime to crash
    python-libnacl by trying to get it to use a msgpack file where it
    will fail on import msgpack?)
- No logging
- No environment variable use
- No privileged functions
- No networking
- No privileged portions of code
- No temp files
- No WebKit
- No PolKit

Only outstanding issue is whether this is missing a depend on
python-msgpack. Once this is resolved or rationalized, Security team ACK
for promoting python-libnacl in Xenial (and Trusty for the same version)
to main.
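
Added example, not part of the comment above and not python-libnacl's own code: key-file handling of the kind the review describes, creating files with mode 0400 and turning a missing msgpack module into a handled error instead of an uncaught ImportError. The names `save_key`, `load_key`, `load_msgpack`, `KeyFileError` and the `serial` parameter are assumptions of this example.

```python
import json
import os
import stat

class KeyFileError(Exception):
    """Any key file that cannot be safely decoded (hypothetical name)."""

def load_msgpack():
    """Import the optional dependency; its absence becomes KeyFileError."""
    try:
        import msgpack  # assumed optional: not a declared package dependency
    except ImportError as exc:
        raise KeyFileError("msgpack requested but not installed") from exc
    return msgpack

def save_key(path, data, serial="json"):
    """Serialize `data` (a dict) and create `path` with mode 0400."""
    if serial == "json":
        payload = json.dumps(data).encode("utf-8")
    elif serial == "msgpack":
        payload = load_msgpack().dumps(data)
    else:
        raise KeyFileError("unknown serialization: %r" % (serial,))
    old_umask = os.umask(0o277)  # strip everything except owner-read
    try:
        # O_EXCL: fail rather than reuse an existing, possibly wider, file.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
        with os.fdopen(fd, "wb") as handle:
            handle.write(payload)
    finally:
        os.umask(old_umask)

def load_key(path, serial="json"):
    """Read a key file, rejecting loose permissions and undecodable input."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise KeyFileError("key file is accessible to group or other")
    with open(path, "rb") as handle:
        raw = handle.read()
    try:
        if serial == "json":
            return json.loads(raw.decode("utf-8"))
        if serial == "msgpack":
            return load_msgpack().loads(raw)
    except ValueError as exc:
        raise KeyFileError("malformed %s key file" % serial) from exc
    raise KeyFileError("unknown serialization: %r" % (serial,))
```

A caller that lets untrusted input choose the format can then catch `KeyFileError` in one place, whether or not msgpack is installed.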