Re: Another syslog issue: msg#00004

Subject: Re: Another syslog issue
On Fri, Sep 02, 2005 at 04:16:37AM +0100, Steve Kemp wrote:
> 
>   Minor improvement to handle nested binary files:
> 
> sub scan_sources  {
>         my ($dir) =@_;
> 
>       system( "./unpack-all.sh $dir" );
>       ...
>       ...
> }
> 
> 
>   Where unpack-all.sh looks like this:

(...)

That's a start, but does not cover the case when upstream sources are patched
in the Debian package. Browsing those, if the maintainer uses cdbs, might
bring up a lot of false positives if the debian/ directory holds patches.

Maybe it would be useful to do something like:

patches=`find "$dir/debian" -name '*.diff' | wc -l`
if [ "$patches" -gt 0 ] ; then
        echo "WARN: Debian binary package seems to include $patches maintainer patches"
fi

You could also do this if the debian/control describes Build-Depends to
'yada', 'cdbs' or 'quilt' (are there other similar packages in Debian?)


Regards

Javier


_______________________________________________
Debian-audit mailing list
Debian-audit@xxxxxxxxxxxxx
http://shellcode.org/mailman/listinfo/debian-audit
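
The check suggested in the message above, written out as an added example (not part of the original post or of the audit scripts under discussion): it counts patch files under debian/ and reads Build-Depends in debian/control for yada, cdbs or quilt. The function names, the extra '*.patch' glob and the sample tree are assumptions made for illustration.

```shell
# Added example: warn when an unpacked Debian source tree carries maintainer patches.
PATCH_TOOLS="yada cdbs quilt"   # the three tools named in the message

# Print the Build-Depends value from debian/control, including continuation lines.
build_depends() {
    awk '/^Build-Depends(-Indep)?:/ { sub(/^[^:]*:/, ""); infield = 1; print; next }
         infield && /^[ \t]/        { print; next }
                                    { infield = 0 }' "$1"
}

# Print each PATCH_TOOLS entry that appears as a package name in Build-Depends.
patch_tools_in_control() {
    deps=$(build_depends "$1" | tr ',|' '\n\n' |
           sed 's/^[[:space:]]*//; s/[[:space:]([].*//')
    for tool in $PATCH_TOOLS; do
        if printf '%s\n' "$deps" | grep -qx "$tool"; then echo "$tool"; fi
    done
}

# Count patch files under debian/ ('*.patch' is an assumption beyond '*.diff').
count_patches() {
    [ -d "$1/debian" ] || { echo 0; return 0; }
    find "$1/debian" -type f \( -name '*.diff' -o -name '*.patch' \) | wc -l | tr -d ' '
}

# Emit WARN lines for one tree; return 1 if anything was flagged, 0 if clean.
check_tree() {
    dir=$1 warned=0
    patches=$(count_patches "$dir")
    if [ "$patches" -gt 0 ]; then
        echo "WARN: $dir includes $patches maintainer patch file(s) under debian/"
        warned=1
    fi
    if [ -f "$dir/debian/control" ]; then
        for tool in $(patch_tools_in_control "$dir/debian/control"); do
            echo "WARN: $dir build-depends on patch system '$tool'"
            warned=1
        done
    fi
    return "$warned"
}

# Constructed sample tree (not a real package), used for the demo run below.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/debian/patches" || return 1
    printf 'Source: demo\nBuild-Depends: debhelper (>= 4),\n cdbs, quilt [i386] | foo\n' > "$t/debian/control"
    echo '--- a/x' > "$t/debian/patches/01_fix.diff"
    echo "$t"
}
sample=$(make_sample_tree) && { check_tree "$sample" || true; rm -rf "$sample"; }
```

A non-zero return from check_tree marks a tree whose scanner hits should be read with the maintainer patches in mind.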