(I don't intend to sponsor this package.)
* Daniel Pocock <[email protected]>, 2012-10-03, 12:23:
http://mentors.debian.net/debian/pool/main/p/python-msrplib/python-msrplib_0.15.0-1.dsc
lintian emits:
I: python-msrplib source: debian-watch-file-is-missing
lintian4python emits:
i: python-msrplib source: debian-pycompat-is-obsolete
I'd use "debhelper (>= 8)" instead of "debhelper (>= 8.0.0)".
Current standards versions is 3.9.4.
The versioned build-dependency on python is insufficient; as per
dh_python2 manpage it should be at least >= 2.6.6-3~. Also, it should be
s/python/python-all/, because otherwise you could run into bug #683557.
We are phasing out DM-Upload-Allowed:
http://lists.debian.org/debian-devel-announce/2012/09/msg00008.html
Please remove the field from debian/control.
The long description explains what is MSRP, but it doesn't say a word
about the package itself. Please see Developer's Reference ยง6.2.3, which
contains some hints on how to write good package description. You may
also want to have it reviewed by [email protected].
The copyright file is not policy-compliant. Please see:
https://lists.debian.org/debian-devel-announce/2006/03/msg00023.html
Upstream seems to provide a test suite. Please run it at build time.
Upstream provides some examples. It might be worth including them in the
binary package.
In msrplib/digest.py:
| try:
| nonce_dec = b64decode(nonce)
| issued, nonce_ip = nonce_dec[16:].split(":", 1)
| issued = float(issued)
| except:
| raise LoginFailed("Could not decode nonce")
This would catch KeyboardInterrupt and other unexpected errors. Please
catch only exceptions you _do_ expect.
Are you sure the way msrplib uses the "random" module is secure? The
documentation says this module is "completely unsuitable for
cryptographic purposes".
--
Jakub Wilk
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
