Re: /etc/profile.d/
Le lundi 20 décembre 2010 à 01:31 +0530, Ritesh Raj Sarraf a écrit : > I was looking at /etc/profile.d/ and was not sure how it was to function. > > As per LSB 4.0, every script present in /etc/profile.d/ is executed. > I am thinking of a way to have a system wide shell variable that can be > used and updated by > further newer shell processes. Please don’t use profile.d to do that. Nothing guarantees you that this variable will be available everywhere. This is precisely the reason why I’d rather we didn’t have such a feature, since it inevitably gets misused in such a way - as it has been for years by ISVs on Red Hat. Cheers, -- .''`. Josselin Mouette : :' : `. `' “If you behave this way because you are blackmailed by someone, `-[…] I will see what I can do for you.” -- Jörg Schilling signature.asc Description: This is a digitally signed message part
Re: /etc/profile.d/
On 12/20/2010 02:11 PM, Josselin Mouette wrote: > Please don’t use profile.d to do that. Nothing guarantees you that this > variable will be available everywhere. > > This is precisely the reason why I’d rather we didn’t have such a > feature, since it inevitably gets misused in such a way - as it has been > for years by ISVs on Red Hat. Yes. I later looked more to find out bug reports on why this was discouraged. Since my application has multiple invocations based on udev events, I instead resorted to using locks. But that makes me ask: What is LSB there for ? I had looked at the latest spec and this issue was resolved/deprecated in Debian long back. Shouldn't they look into the rationale provided by Debian ? Thanks, Ritesh -- Ritesh Raj Sarraf | http://people.debian.org/~rrs Debian - The Universal Operating System signature.asc Description: OpenPGP digital signature
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
On Fri, Dec 17, 2010 at 07:25:09PM -0600, Raphael Geissert wrote:
> There are other scheduling problems and that's where people could
> collaborate either by modifying the existing code, rewriting it,
> investigating existing solutions (e.g. boinc,) etc. I'm going to
> write a bit about what the current setup looks like and then publish
> the sources of what I have (I expected the alioth project to have been
> accepted by now.)
The Alioth project has been accepted now:
http://alioth.debian.org/projects/daca/
Please link to the Alioth project from from http://qa.debian.org/daca/ ,
so that interested people can start looking at the code. More
generally, I think it's a very good practice to link to corresponding
source code from every bit of Debian web presence which has code behind
it: it shows our infrastructure is as Free as the software we distribute
and improves the chances of finding new contributors.
Thanks for DACA!
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
z...@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere
ti resta John Fante -- V. Capossela ...| ..: |.. -- C. Adams
signature.asc
Description: Digital signature
Join BAMify Ads today and get 5,000 credits FREE!
Hi Mike, Free Advertising with BAMify Ads You haven't heard from us before. We run a unique company; a free to use ad network. BAMify Ads. What do we do? In a way we're similar to 2 services you might have heard of from Google; AdSense, and AdWords. AdSense enables you to place adverts on your website, AdWords allows you to put your own adverts out on Google's network of AdSense-enabled websites (and the search listings, of course). The key difference with BAMify Ads is that, unlike AdWords, advertising costs you nothing. How does it work? Place a small snippet of code from BAMify Ads on to any website you run. Similar to Google AdSense this will then pick relevant ads from our network and display them to your users. For every impression of the ad you will receive a handful of credits. Now you can create your own adverts (text or image) and upload them to the BAMify Ads network. The credits you earn allow your adverts to be shown across our network - the more you credits you earn, the more impressions your ads receive. It's a great way to establish a steady stream of traffic across a large number of different websites so you can pull in visitors that would normally never find you. You don't need to advertise the website that you have adverts on, so if you own a blog and an e-commerce website you can pop some ads on the blog, then put an advert on to the BAMify Ads network for your e-commerce website. Sign up now and receive 5,000 credits FREE. Refer a friend and earn 5,000 additional credits per sign up. BAMify Ads Team
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote:
> It's been a while since I started working on this project and even
> longer since I had the idea. It's therefore a pleasure to finally
> announce the DACA project.
Very cool achievement, thanks for it!
> Current tools: cppcheck, and checkbashisms (at the source package
> level.)
Have you already thought about Coccinelle? [1,2] In the context of IRILL
I'm working with some of the authors and we have already anticipated
with them the idea of having Coccinelle runs on the Debian code base. It
was just at a brainstorming level up to now, but now that I know about
DACA it clearly makes sense to integrate with your effort.
[1] http://coccinelle.lip6.fr/
[2] http://lwn.net/Articles/315686/ (LWN coverage)
> = Limitations =
>
> Most of the tools are CPU-bound, limiting considerably the number of
> tools and time it takes to check the whole Debian archive. For
> example, with the typical sid repository update (i.e. not during the
> freeze and with a working ftp- master) it is impossible for the server
> running cppcheck to keep up with all the changes.
We _might_ be able to offer some hardware for the Coccinelle runs, but I
need to verify if that is a concrete possibility or not.
> * First of all you can go and squash bugs!
> * Second, report false positives, fix bugs, improve the tools
To both ends, it would be very useful to have some way of following,
incrementally, the availability of new runs and/or package
information. For instance, having RSS/Atom feeds of new entries in the
DACA log would be very nice.
> * Third, join the DACA project
> More hands are needed to evaluate other tools, setup an infrastructure for
> running them, and finally generating the web reports.
> Discussing tools already available at DACA is also welcome.
>
> There's a project request at Alioth pending its approval, but once
> accepted access to the repository and mailing lists will be found at:
>
> http://alioth.debian.org/projects/daca
It is now approved, but apparently no VCS is associated to it.
Thanks a lot for this initiative!
Cheers.
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
z...@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Quando anche i santi ti voltano le spalle, | . |. I've fans everywhere
ti resta John Fante -- V. Capossela ...| ..: |.. -- C. Adams
signature.asc
Description: Digital signature
Re: exim-using packages - are you relying on -C or -D options?
Andreas Metzler writes ("Re: exim-using packages - are you relying on -C or -D
options?"):
> The current status (GIT head) simply adds a file which contains a *list*
> of trusted configuration files instead of a prefix.
That's good enough for me. And it should be good enough for anyone
else because you can have anything which needs to generate a config on
the fly edit the list (via something like userv if it isn't already
running as root).
Thanks for taking the time to discuss and investigate this. I
appreciate the attention to detail and particularly to compatibility :-).
Ian.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/19727.15460.182545.128...@chiark.greenend.org.uk
Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
Florian Weimer (Sa 18 Dez 2010 21:41:43 CET): > * Heiko Schlittermann: > > > Could this somehow trigger this (unexpected) behaviour of a failing > > validation? But why does it work for somebody (anybody?) else using this > > version of bind? (output of the CHAOS version.bind query: "9.6-ESV-R3") > > Obviously, it works for me, in quite a similar setup (consumer > Internet from Deutsche Telekom, among other things). > > Can you show us the output from: > > dig +cd +dnssec ftp.debian.org DS ; <<>> DiG 9.6-ESV-R3 <<>> +cd +dnssec ftp.debian.org DS ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12843 ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;ftp.debian.org.IN DS ;; ANSWER SECTION: ftp.debian.org. 3574IN DS 40396 5 2 94E9380BA08A219B09D754C922A920B7DC57FBC01D718195A4B9C3B3 EBE350EE ftp.debian.org. 3574IN DS 40396 5 1 A32112A2E98C1AD75745609F9B7313B4DE95380B ftp.debian.org. 3574IN RRSIG DS 7 3 3600 20110111224900 20101214224900 42257 debian.org. iHNV5yTqrC8hShWErV90NwXGxQXBbWarj/7+UYpSg6NDqjX0CFXf8J21 x1B/YvhxDkUHpPwrq/YLhvVlx4E9mCvXqklyQsmmktQT4vU72qudJoJ7 cVCrwyUoFwWWtdvdJ1lwyjk/SXhOIHmzjexESUF/sHOT4rnrmmyhfRXp A1Ab8DfnbxoxTNvVZ/fjxDid ;; Query time: 2 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Dec 20 13:44:19 2010 ;; MSG SIZE rcvd: 313 > dig +cd +dnssec ftp.debian.org DNSKEY ; <<>> DiG 9.6-ESV-R3 <<>> +cd +dnssec ftp.debian.org DNSKEY ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57772 ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;ftp.debian.org.IN DNSKEY ;; ANSWER SECTION: ftp.debian.org. 28800 IN DNSKEY 256 3 5 AwEAAbKb7JLMdZbv5Ao/WndIcKiSajrEOzDggGF4JZGhkB/KD74sdZP4 Stx47dJqUCOoA2ULnN3vtovBZbUdOkTFi2cSNuyzt6r4WnSmSi+iVtth 4yTroUSirmT3dSQYU6Ouz6XhtqmwSL6kO94GHSg0rOYr2qDd0lu3uqs8 gOCt+H3WHb1R+kl6yvFT1eb7cbmknQ== ftp.debian.org. 28800 IN DNSKEY 256 3 5 AwEAAd2Q5QHO6rL3wGJET0d5foLUwiEZwXpRodq7j+70fKBTL5jEl6AB xpnt/zUHm62u1sYyDhv/mtB0q6cUKm6EnQ03WTiUU2n656fdjtaC+71D 2B8KYv4uVHxVya5lEaxIklGLJvSnPwClkClanrCeCf0ALqfC74nOAZzy sWJ4iDfIth4DX9gcRrNf7lwcShr+Vw== ftp.debian.org. 28800 IN DNSKEY 257 3 5 AwEAAanX1lSBuFPJX67wvJVJ81hkv1bV1BiqojH3pwdkxusxthvaLbGE bHWO4n3uY1gBhYw6ycRpyAUbjLE1NySzjpvfJY5KrLVPh1F89jyo9l16 nlevXODge/Y5+Q0lOZhNhTDkt+c/Xvf0WfnkWZZVYY3SAZpZP5FBdkpI idbyXKMF63JYkYoRSC5gaURYRy6NwJrhUXTRDPPRC0sf7sw1ganNodDy 6P7KqrWXdUOMBgFfHyQN3BmWjMRVdiY9N2+BnQ== ftp.debian.org. 28800 IN RRSIG DNSKEY 5 3 28800 20110110133902 20101213133902 9783 ftp.debian.org. v0ug+Kxv8QeSHZg7doZQUnsbKrAnuegSGX+Nfe7BmezONMyXXnbH8TC/ CCw3qQBBSltEJY1ytyvicfQnCaHXDc1vDvR9e6kzjoFFJxnSpNKsZXkh HtTSuO9RwmwWHQocpv06AOcRL2HeNl6hQcRh+28HGq3bgWveuRASEgKD u9eHCuQqtSrk97ymRJzNArON ftp.debian.org. 28800 IN RRSIG DNSKEY 5 3 28800 20110110133902 20101213133902 40396 ftp.debian.org. FenuaVpG8s5hjyRdyEmcAzXA/JtGsF7V1LqZeQZJ8pwlB6gidgCAUXDW wGjZBzzJl48LklxrSxyZDxdtN99/7lbDFgIEsmN5MabeQz6WCP2GBFq6 A/nQJzLpPnZTqhw5pgfqTCjEyvOEVembqrEX4nU7QzeuYON0p6Y2I49Z PHpurX20dxW7DoLtXjeduUF0uTFVk6ToKt4SOpWcUF3syUeoyLzza7S1 7VaeqLdi0L0u2CE907HQZKP1m3KaFWWN ;; Query time: 245 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Dec 20 13:44:45 2010 ;; MSG SIZE rcvd: 1011 > dig +cd +dnssec ftp.debian.org A ; <<>> DiG 9.6-ESV-R3 <<>> +cd +dnssec ftp.debian.org A ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11161 ;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;ftp.debian.org.IN A ;; ANSWER SECTION: ftp.debian.org. 300 IN A 130.89.149.226 ftp.debian.org. 300 IN RRSIG A 5 3 300 20110110133902 20101213133902 9783 ftp.debian.org. GiKr7xnrmvBIdRT5VYxHWXzMae9KhHo09Qyx1+l5l4YNbpIiUw3aIkGp MOjsyETYy6hGVontU14me77sUChtI8tzGg11w9YKJopM46rplnTINpX+ U+ZVFIJtWaAyvLkmzPG3iZ8worZsWNEyShsqfl3lYqGl4Ma4jDPJDeHB KRdZFsIu5DPns153XwHmsvCw ;; AUTHORITY SECTION: ftp.debian.org. 3580IN NS geo3.debian.org. ftp.debian.org. 3580IN NS geo2.debian.org. ftp.debian.org. 3580IN NS geo1.debian.org. ftp.debian.org. 3600IN RRSIG NS 5 3 3600 20110110133902 20101213133902 9783 ftp.debian.org. w/Tl/57AtBttNFpfNlC5uWm2sSJfcmppkY085gxdCfJ+Xngf9AHoYwpv +G5sCo0WUXcEnqLt1Dkox14n5iCt2YukV9k43nIWo1baUTjllWM8vijk r3wYDom+KDEFN+9haU7e618jo2f9Gw9wyJDX4FZpepkk7EwjqwB1sZeU nAIcWVM+FsdJfWPeIuo/a0m6 ;; Query time: 62 msec ;; SER
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Hi Raphael, On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote: > = How can you help? = > > * First of all you can go and squash bugs! This would be greatly simplified if there was a way for a random packager to easily figure out if the DACA tools has found something in their packages. Most other tools that do per-package statistics (such as, say, lintian.d.o) provide such a page. Could you look into that? -- The biometric identification system at the gates of the CIA headquarters works because there's a guard with a large gun making sure no one is trying to fool the system. http://www.schneier.com/blog/archives/2009/01/biometrics.html -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101220125621.gi27...@celtic.nixsys.be
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
* Wouter Verhelst , 2010-12-20, 13:56: = How can you help? = * First of all you can go and squash bugs! This would be greatly simplified if there was a way for a random packager to easily figure out if the DACA tools has found something in their packages. Most other tools that do per-package statistics (such as, say, lintian.d.o) provide such a page. Also, it would be nice if we could avoid showing links to pages that only say "Failed to parse xml" (whatever that means...) or "No issues found!". -- Jakub Wilk -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101220130409.ga...@jwilk.net
Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
Florian Weimer (Sa 18 Dez 2010 21:41:43 CET): > * Heiko Schlittermann: > > > Could this somehow trigger this (unexpected) behaviour of a failing > > validation? But why does it work for somebody (anybody?) else using this > > version of bind? (output of the CHAOS version.bind query: "9.6-ESV-R3") > > Obviously, it works for me, in quite a similar setup (consumer > Internet from Deutsche Telekom, among other things). Sure, that you've the very same version of bind? bind9: Installed: 1:9.6.ESV.R3+dfsg-0+lenny1 Candidate: 1:9.6.ESV.R3+dfsg-0+lenny1 Version table: *** 1:9.6.ESV.R3+dfsg-0+lenny1 0 990 http://security.debian.org lenny/updates/main Packages 100 /var/lib/dpkg/status 1:9.6.ESV.R1+dfsg-0+lenny2 0 990 http://ftp.de.debian.org lenny/main Packages On another new installed machine I've the same problem. As long as I keep the version of bind9. -- Heiko signature.asc Description: Digital signature
Re: Anybody else having problems w/ DNSSEC and ftp.debian.org?
* Heiko Schlittermann: >> Can you show us the output from: >> >> dig +cd +dnssec ftp.debian.org DS Same here. >> dig +cd +dnssec ftp.debian.org DNSKEY DNSKEYs are the same, but then we've got this: ftp.debian.org.IN DNSKEY 256 3 5 AwEAAbKb7JLMdZbv5Ao/WndIcKiSajrEOzDggGF4JZGhkB/KD74sdZP4 Stx47dJqUCOoA2ULnN3vtovBZbUdOkTFi2cSNuyzt6r4WnSmSi+iVtth 4yTroUSirmT3dSQYU6Ouz6XhtqmwSL6kO94GHSg0rOYr2qDd0lu3uqs8 gOCt+H3WHb1R+kl6yvFT1eb7cbmknQ== ftp.debian.org.IN DNSKEY 256 3 5 AwEAAd2Q5QHO6rL3wGJET0d5foLUwiEZwXpRodq7j+70fKBTL5jEl6AB xpnt/zUHm62u1sYyDhv/mtB0q6cUKm6EnQ03WTiUU2n656fdjtaC+71D 2B8KYv4uVHxVya5lEaxIklGLJvSnPwClkClanrCeCf0ALqfC74nOAZzy sWJ4iDfIth4DX9gcRrNf7lwcShr+Vw== ftp.debian.org.IN DNSKEY 257 3 5 AwEAAanX1lSBuFPJX67wvJVJ81hkv1bV1BiqojH3pwdkxusxthvaLbGE bHWO4n3uY1gBhYw6ycRpyAUbjLE1NySzjpvfJY5KrLVPh1F89jyo9l16 nlevXODge/Y5+Q0lOZhNhTDkt+c/Xvf0WfnkWZZVYY3SAZpZP5FBdkpI idbyXKMF63JYkYoRSC5gaURYRy6NwJrhUXTRDPPRC0sf7sw1ganNodDy 6P7KqrWXdUOMBgFfHyQN3BmWjMRVdiY9N2+BnQ== -ftp.debian.org.IN RRSIG DNSKEY 5 3 28800 20110117141747 20101220141747 40396 ftp.debian.org. Ol3z3D9HUqkLIwHye/XwTYyIU3YdJ3GuPKp2RnrP3QkMPCyd6iR6gW8w zh2TCDVZN4NpmFLoApDWFLjavk4WO+5lksA4nseBOc9gs/pR2z41P9cN iLyEa5VUOWKQPcXnHDrQHiBRYTsHOoyTE7IRWwSqmkBpPvITrCisSeUT c8qdTa/xpmbVw49eiG+EqGOJkbQKwdeHXOpQLhmF0FyPDD9ZvHIMHS4+ RCF/eucWdhfp/lx+7F8HFXC7OzjC/NOY -ftp.debian.org.IN RRSIG DNSKEY 5 3 28800 20110117141747 20101220141747 9783 ftp.debian.org. cI/DJ/lAFVbFgxdZ/B6d7IKG3/M6Jf0EgxCCc1jc8j5u+FsdjKr3Y6Ie NeDNwbmu7o3tr6tTj2q1dxhESlz4aLF+GUB7apJ4PlhNO86fkq1J16ii Rod91FOKNAetC4T12EZEt6twYhp8QI7/upqkkJCb/44+qLTvygb1PLKr T+9ROlVitFEzvUakxbUCiR3N +ftp.debian.org.IN RRSIG DNSKEY 5 3 28800 20110110133902 20101213133902 40396 ftp.debian.org. FenuaVpG8s5hjyRdyEmcAzXA/JtGsF7V1LqZeQZJ8pwlB6gidgCAUXDW wGjZBzzJl48LklxrSxyZDxdtN99/7lbDFgIEsmN5MabeQz6WCP2GBFq6 A/nQJzLpPnZTqhw5pgfqTCjEyvOEVembqrEX4nU7QzeuYON0p6Y2I49Z PHpurX20dxW7DoLtXjeduUF0uTFVk6ToKt4SOpWcUF3syUeoyLzza7S1 7VaeqLdi0L0u2CE907HQZKP1m3KaFWWN +ftp.debian.org.IN RRSIG DNSKEY 5 3 28800 20110110133902 20101213133902 9783 ftp.debian.org. v0ug+Kxv8QeSHZg7doZQUnsbKrAnuegSGX+Nfe7BmezONMyXXnbH8TC/ CCw3qQBBSltEJY1ytyvicfQnCaHXDc1vDvR9e6kzjoFFJxnSpNKsZXkh HtTSuO9RwmwWHQocpv06AOcRL2HeNl6hQcRh+28HGq3bgWveuRASEgKD u9eHCuQqtSrk97ymRJzNArON - is mine, + is yours. Do you still see the 20101220141747 signature, or has your view since updated to 20101213133902 or later? Please also post the output of: dig +cd +dnssec ftp.debian.org TXT -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87y67k6tz2@mid.deneb.enyo.de
Bug#607675: ITP: libjgoodies-common-java -- JGoodies Common library
Package: wnpp Owner: gregor herrmann Severity: wishlist X-Debbugs-CC: debian-devel@lists.debian.org, tmanc...@debian.org * Package name: libjgoodies-common-java Version : 1.1.1 Upstream Author : Karsten Lentzsch * URL : http://www.jgoodies.com/downloads/libraries.html * License : BSD-3 Programming Lang: Java Description : JGoodies Common library The JGoodies Common library provides convenience code for other JGoodies libraries and applications. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101220223242.ga1...@belanna.comodo.priv.at
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Hi, Javier Fernández-Sanguino Peña wrote: > On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote: >> = What is there for everyone? = >> >> At the moment there are only partial reports from two tools, but the list >> of tools to be evaluated and possibly included goes over twenty. > > I would be glad if the tools included some security auditing tools such > as: > > + Available as Debian packages >- RATS: security auditing utility for C, C++, PHP, Perl, and Python >code >- Flawfinder: securty flaw search tool for C/C++ source code To be honest, the results of both tools are usually just noise and it would be better if the C/C++ checks that are not implemented by cppcheck were contributed. I'm not opposed to running them either, but they will be down on my To-Do list. If anyone has a few minutes to come up with the right scripts and tweaks to the web reports, please subscribe and email the daca- de...@lists.alioth.d.o list. >- Split: a tool for statically checking C programs for bugs Splint has better results than rats and flawfinder, but the same arguments apply. >- Jlint: Tool to check Java code for bugs, inconsistencies and > synchronization problems > > + There are some other static security analysis currently not available > in Debian, such as: >- FindBugs: a tool for static analysis of Java code > http://findbugs.sourceforge.net/ >- JCSC: Java source code checker - http://jcsc.sourceforge.net/ >- PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/ > > As Debian is getting more java code in now it would be worth it to have > some Jave tools in the toolbox too. Niels Thykier said he would look into the java stuff, so that's probably covered (if more people want to join, they are of course welcome.) Thanks for your email. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d0ff7ed.0421970a.166e.6...@mx.google.com
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Wouter Verhelst wrote: > Hi Raphael, > > On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote: >> = How can you help? = >> >> * First of all you can go and squash bugs! > > This would be greatly simplified if there was a way for a random > packager to easily figure out if the DACA tools has found something in > their packages. Most other tools that do per-package statistics (such > as, say, lintian.d.o) provide such a page. > > Could you look into that? Yes, it's on my To-Do list. The current web interface only really knows about "files," nothing else. The indexes are just readdir()s along with some hashes to make the output a bit nicer (yeah, you can laugh.) I will finish responding to emails and then get the code on a repository (the alioth project has been accepted now.) Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d0ff895.04a8960a.49e8.6...@mx.google.com
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Jakub Wilk wrote: > * Wouter Verhelst , 2010-12-20, 13:56: >>> = How can you help? = >>> >>> * First of all you can go and squash bugs! >> >>This would be greatly simplified if there was a way for a random >>packager to easily figure out if the DACA tools has found something in >>their packages. Most other tools that do per-package statistics (such >>as, say, lintian.d.o) provide such a page. > > Also, it would be nice if we could avoid showing links to pages that > only say "Failed to parse xml" (whatever that means...) or "No issues > found!". Only sid-old should be displaying empty reports by default since some hours after the announcement. I should probably add some notes about sid-old, since it is rather old, the version of cppcheck varied a bit between package checks and some reports are incomplete. For sid, squeeze, and lenny wherever there was a "failed to parse xml" error it should now display a better message. If you encounter any of those there, then please report it (as instructed on the page.) The reports in those directories that used to display that error message but that it is somehow possible for the generator to recover from the error should now display as much of the report as it can. E.g. http://qa.debian.org/daca/cppcheck/sid/google-mock_1.4.0-3.html http://qa.debian.org/daca/cppcheck/sid/scheme2c_1993.3.15.2-10.html Those error occur whenever cppcheck is killed (usually because of a memory limit.) Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ieou1h$2l...@dough.gmane.org
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Stefano Zacchiroli wrote: > On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote: >> It's been a while since I started working on this project and even >> longer since I had the idea. It's therefore a pleasure to finally >> announce the DACA project. > > Very cool achievement, thanks for it! > >> Current tools: cppcheck, and checkbashisms (at the source package >> level.) > > Have you already thought about Coccinelle? [1,2] In the context of IRILL > I'm working with some of the authors and we have already anticipated > with them the idea of having Coccinelle runs on the Debian code base. It > was just at a brainstorming level up to now, but now that I know about > DACA it clearly makes sense to integrate with your effort. I knew about Coccinelle, but hadn't thought about running it. Are there pre- made patches that could be used? >> * First of all you can go and squash bugs! >> * Second, report false positives, fix bugs, improve the tools > > To both ends, it would be very useful to have some way of following, > incrementally, the availability of new runs and/or package > information. For instance, having RSS/Atom feeds of new entries in the > DACA log would be very nice. Yes, the web reports were just the results of some hours hacking here and there to get something out of the xml files. All of the web frontend should be redone. >> * Third, join the DACA project >> More hands are needed to evaluate other tools, setup an infrastructure >> for running them, and finally generating the web reports. >> Discussing tools already available at DACA is also welcome. >> >> There's a project request at Alioth pending its approval, but once >> accepted access to the repository and mailing lists will be found at: >> >> http://alioth.debian.org/projects/daca > > It is now approved, but apparently no VCS is associated to it. GForge bug, worked around by the admins now. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ieoul8$7l...@dough.gmane.org
Re: Introducing the "Debian's Automated Code Analysis" (DACA) project
Out of my curiosity/ignorance, have you considered Dehydra and Treehydra of Mozilla for inclusion? On Tue, Dec 21, 2010 at 4:13 AM, Raphael Geissert wrote: > Hi, > > Javier Fernández-Sanguino Peña wrote: > >> On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote: >>> = What is there for everyone? = >>> >>> At the moment there are only partial reports from two tools, but the list >>> of tools to be evaluated and possibly included goes over twenty. >> >> I would be glad if the tools included some security auditing tools such >> as: >> >> + Available as Debian packages >> - RATS: security auditing utility for C, C++, PHP, Perl, and Python >> code >> - Flawfinder: securty flaw search tool for C/C++ source code > > To be honest, the results of both tools are usually just noise and it would > be better if the C/C++ checks that are not implemented by cppcheck were > contributed. > I'm not opposed to running them either, but they will be down on my To-Do > list. If anyone has a few minutes to come up with the right scripts and > tweaks to the web reports, please subscribe and email the daca- > de...@lists.alioth.d.o list. > >> - Split: a tool for statically checking C programs for bugs > > Splint has better results than rats and flawfinder, but the same arguments > apply. > >> - Jlint: Tool to check Java code for bugs, inconsistencies and >> synchronization problems >> >> + There are some other static security analysis currently not available >> in Debian, such as: >> - FindBugs: a tool for static analysis of Java code >> http://findbugs.sourceforge.net/ >> - JCSC: Java source code checker - http://jcsc.sourceforge.net/ >> - PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/ >> >> As Debian is getting more java code in now it would be worth it to have >> some Jave tools in the toolbox too. > > Niels Thykier said he would look into the java stuff, so that's probably > covered (if more people want to join, they are of course welcome.) > > Thanks for your email. > > Cheers, > -- > Raphael Geissert - Debian Developer > www.debian.org - get.debian.net > > > -- > To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4d0ff7ed.0421970a.166e.6...@mx.google.com > > -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlktim4arlb_t-+cpdy8mvo5aqresizmsxk22cmp...@mail.gmail.com
