This should not be considered a complete security audit, but rather a quick gauge of maintainability.

I audited python-markdown 2.3.1-1 as checked into Saucy.

- No CVE history
- Markdown's purpose is dual, first to make writing simple HTML easier,
  second to provide a safe way for untrusted users to produce HTML in web
  applications and elsewhere. Thus some input comes from trusted
  programmers, some input comes from untrusted users.
- Build-dep python-nose, python3-nose, are used as test runners.
- Build-dep python-tidylib is used during tests
- python-markdown Suggests: the older python-utidylib for runtime use as
  one extension uses it
- python3-markdown does not Suggest: python-tidylib, as no extensions use it
- No encryption, no networking, can use pygments, embeds portions of old
  ElementTree codebase
- No daemons, no services, no cron jobs, no init scripts, no dbus, no sudo
- One binary, simple markdown converter
- prerm cleans up postinst
- Clean build logs
- No spawned processes
- Defensive code often checks pre-conditions
- File manipulation looks safe, encodings managed using good tools
- No special environment variable handling
- No privileged operations
- Extensive tests run during build

python-markdown looks to be written in a professional manner. The
extensive tests would lend confidence to any maintenance that may become
necessary.

Security team ACK for including into main.

** Changed in: python-markdown (Ubuntu)
     Assignee: Seth Arnold (seth-arnold) => (unassigned)

https://bugs.launchpad.net/bugs/1187191

Title:
  [MIR] python-markdown