I reviewed pymacaroons 0.9.2-0ubuntu1 as checked in to Xenial.
pymacaroons is a python implementation of the Macaroon concept - like
cookies but with caveats, allowing delegation and attenuation of
authority - so kind of like capabilites (the real ones, not POSIX /
Linux ones).
- No CVE history in our database
- Depends:
- debhelper, dh-python, python[3], python[3]-all, python[3]-libnacl,
python[3]-setuptools, python[3]-six
- Nothing out of the ordinary for a python package, in particular uses
python[3]-libnacl for the crypto
- Does not itself do networking
- Does not daemonize
- No pre/post inst/rm
- No init scripts
- No dbus services
- No setuid files
- No binaries in the PATH
- No sudo fragments
- No udev rules
- No test suite - upstream has one but this does not seem to exist in
the orig tarball and no autopkgtest either :(
- No cron jobs
- Clean build logs
- No subprocesses spawned
- No file IO
- No logging
- No environment variable use
- No privileged functions
- No networking
- No privileged portions of code
- No temp files
- No WebKit
- No PolKit
No particular issues identified other than the missing test suite :/ -
security team ACK for promoting to main for Xenial/Trusty.
** Changed in: pymacaroons (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1746772
Title:
[MIR] pymacaroons, python-libnacl
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pymacaroons/+bug/1746772/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
