[pkg] brutespray - review
Lukas Schwaighofer
lukas at schwaighofer.name
Thu Jul 20 20:45:02 UTC 2017
Hi Stéphane,
[Stéphane improved on the package and asked me for another review.]
I think you addressed all the points I raised before properly. Some
more things that I found
* you need to add a line to debian/brutesprayu.install, otherwise the
package doesn't build for me:
brutespray.py /usr/bin/
* Shebang patch: I just found out that dh_python2 does that for you, so
you can drop the patch
- however, you need to add ${python:Depends} as a dependency for your
binary package in debian/control, as explained in dh_python2(1)
* wordlist: it's correct to put the word list in /usr/share/brutespray,
but have to patch brutespray.py to look for the wordlist in that
directory… (right now it looks for the wordlist directory relative to
the current working directory).
- regarding patches, you should add a DEP-3 [1] header
* You Recommend nmap, which seems reasonable to me, but you should
Depend (not recommend) medusa, as the script will always immediatly
fail if medusa is not installed (and cannot do anything useful).
* Is there a reason this package has the debian/source/options file? (I
still don't know what these options are used for and I remember you
dropped them in curvedns after I asked…)
* debian/copyright: make the "Format" link https
* the man-page should be expanded to list all the command line
arguments (so it's at least as useful as running `brutespray -h`)
That's all I could find. Feel free to ping me again if you want me to
check again.
Regards
Lukas
[1] http://dep.debian.net/deps/dep3/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170720/21ebddf3/attachment.sig>
More information about the Pkg-security-team
mailing list