I reviewed zope.i18nmessageid 4.0.3-2build6 as checked into eoan. This shouldn't be considered a full audit but rather a quick gauge of maintainability.
- CVE History:
  - There have been CVEs against zope, but none seem to affect this package in specific
- Build-Depends?
  - Requires no encryption or networking libraries.
  - bootstrap.py requires urllib2, but this is not included in the distributed .deb package.
- pre/post inst/rm scripts?
  - None
- init scripts?
  - None
- systemd units?
  - None
- dbus services?
  - None
- setuid binaries?
  - None
- binaries in PATH?
  - None
- sudo fragments?
  - None
- udev rules?
  - None
- unit tests / autopkgtests?
  - Python test suite comprehensively tests functionality
- cron jobs?
  - None
- Build logs:
  - The build produces the following Lintian warnings:
    - W: zope.i18nmessageid source: vcs-obsolete-in-debian-infrastructure vcs-svn svn://svn.debian.org/pkg-zope/zope.i18nmessageid/trunk
    - W: zope.i18nmessageid source: vcs-obsolete-in-debian-infrastructure vcs-browser http://svn.debian.org/viewsvn/pkg-zope/zope.i18nmessageid/trunk
    - W: zope.i18nmessageid source: ancient-python-version-field x-python-version 2.4
    - W: zope.i18nmessageid source: ancient-python-version-field x-python3-version 3.2
    - W: zope.i18nmessageid source: ancient-standards-version 3.9.6 (released 2014-09-17) (current is 4.3.0)
    - W: python-zope.i18nmessageid: priority-extra-is-replaced-by-priority-optional
    - W: python3-zope.i18nmessageid: priority-extra-is-replaced-by-priority-optional
  - Build warnings:
      setup.py:43: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
        [os.path.normcase(codeoptimization_c)]
      /usr/lib/python2.7/distutils/core.py:111: DistDeprecationWarning: Features are deprecated and will be removed in a future version. See https://github.com/pypa/setuptools/issues/65.
        _setup_distribution = dist = klass(attrs)
      reading manifest template 'MANIFEST.in'
      warning: no previously-included files matching '*.dll' found anywhere in distribution
      warning: no previously-included files matching '*.pyc' found anywhere in distribution
      warning: no previously-included files matching '*.pyo' found anywhere in distribution
      warning: no previously-included files matching '*.so' found anywhere in distribution
      writing manifest file 'src/zope.i18nmessageid.egg-info/SOURCES.txt'
- Processes spawned?
  - Processes are spawned in bootstrap.py, but this is not included in the distributed .deb packages
- Memory management?
  - No malloc, free, strcpy, memcpy, etc. calls are made.
  - Pointers are checked to ensure they are not NULL before they are used.
- File IO?
  - Minimal file IO is performed in setup.py and bootstrap.py, but these are not included in the distributed .deb packages
- Logging?
  - This package is essentially just a single class meant to be used within a larger context. There is no logging.
- Environment variable usage?
  - Environment variables are used in bootstrap.py, but this is not included in the distributed .deb packages
- Use of privileged functions?
  - None
- Use of cryptography / random number sources etc?
  - None
- Use of temp files?
  - None
- Use of networking?
  - A file is downloaded by bootstrap.py, but this is not included in the distributed .deb package.
- Use of WebKit?
  - None
- Use of PolicyKit?
  - None
- Any significant cppcheck results?
  - No

This is a small bit of code with no prior CVEs against it. The project does not move overly quickly and appears to be supportable. It may be wise to address the build warnings as they highlight deprecated features, which could impact future supportability.

Security team ACK for promoting zope.i18nmessageid to main.

** Bug watch added: github.com/pypa/setuptools/issues #65
   https://github.com/pypa/setuptools/issues/65

https://bugs.launchpad.net/bugs/1820239

Title:
  [MIR] zope.i18nmessageid as dependency of mailman3