[pkg] brutespray - review

[Lukas Schwaighofer]

Hi Stéphane,

[Stéphane improved on the package and asked me for another review.]

I think you addressed all the points I raised before properly.  Some
more things that I found

* you need to add a line to debian/brutesprayu.install, otherwise the
  package doesn't build for me:

      brutespray.py /usr/bin/

* Shebang patch: I just found out that dh_python2 does that for you, so
  you can drop the patch
  - however, you need to add ${python:Depends} as a dependency for your
    binary package in debian/control, as explained in dh_python2(1)
* wordlist: it's correct to put the word list in /usr/share/brutespray,
  but have to patch brutespray.py to look for the wordlist in that
  directory… (right now it looks for the wordlist directory relative to
  the current working directory).
  - regarding patches, you should add a DEP-3 [1] header
* You Recommend nmap, which seems reasonable to me, but you should
  Depend (not recommend) medusa, as the script will always immediatly
  fail if medusa is not installed (and cannot do anything useful).
* Is there a reason this package has the debian/source/options file? (I
  still don't know what these options are used for and I remember you
  dropped them in curvedns after I asked…)
* debian/copyright: make the "Format" link https
* the man-page should be expanded to list all the command line
  arguments (so it's at least as useful as running `brutespray -h`)

That's all I could find.  Feel free to ping me again if you want me to
check again.

Regards
Lukas

[1] http://dep.debian.net/deps/dep3/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170720/21ebddf3/attachment.sig>