Differences between revisions 23 and 25 (spanning 2 versions)
Revision 23 as of 2014-01-16 03:23:45
Size: 1589
Editor: PaulWise
Comment: mention dedup too
Revision 25 as of 2014-08-29 15:44:09
Size: 1752
Editor: PaulWise
Comment: link to external source code search engines
Line 1: Line 1:
[[http://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles|Debian Policy 4.13]] states that Debian packages should not use convenience copies. [[https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles|Debian Policy 4.13]] states that Debian packages should not use convenience copies.
Line 5: Line 5:
http://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co
Line 9: Line 9:
Lintian detects embedding of [[http://lintian.debian.org/tags/embedded-feedparser-library.html|feedparser]], common [[http://lintian.debian.org/tags/embedded-javascript-library.html|JavaScript]]/[[http://lintian.debian.org/tags/embedded-library.html|C/C++]]/[[http://lintian.debian.org/tags/embedded-pear-module.html|PEAR]]/[[http://lintian.debian.org/tags/embedded-php-library.html|PHP]] libraries and PostScript fragments ([[http://lintian.debian.org/tags/license-problem-font-adobe-copyrighted-fragment.html|1]] [[http://lintian.debian.org/tags/license-problem-font-adobe-copyrighted-fragment-no-credit.html|2]]). Lintian detects embedding of [[https://lintian.debian.org/tags/embedded-feedparser-library.html|feedparser]], common [[https://lintian.debian.org/tags/embedded-javascript-library.html|JavaScript]]/[[https://lintian.debian.org/tags/embedded-library.html|C/C++]]/[[https://lintian.debian.org/tags/embedded-pear-module.html|PEAR]]/[[https://lintian.debian.org/tags/embedded-php-library.html|PHP]] libraries and PostScript fragments ([[https://lintian.debian.org/tags/license-problem-font-adobe-copyrighted-fragment.html|1]] [[https://lintian.debian.org/tags/license-problem-font-adobe-copyrighted-fragment-no-credit.html|2]]).
Line 13: Line 13:
If you have a particular piece of code with some interesting aspect (security issue etc) you can likely find other copies using the [[DebianCodeSearch|Debian code search site]]. If you have a particular piece of code with some interesting aspect (security issue etc) you can likely find other copies using the [[DebianCodeSearch|Debian code search site]] or external code search engines such as [[https://code.ohloh.net/|Ohloh code]], [[https://searchcode.com/|searchcode]] and [[https://github.com/|GitHub]].
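Review bot: The sentence added at Line 13 lists Ohloh code, searchcode and GitHub as "external" engines, but it does not say what to do with a hit found there. A match outside Debian does not identify which Debian source package carries the copy, so consider adding a clause that such matches still need to be located in Debian (the Debian code search site already named in the sentence can do that) before they are sent as additions to the embedded-code-copies list.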

Debian Policy 4.13 states that Debian packages should not use convenience copies.

The list of packages embedding code from other projects is maintained in the secure-testing svn repository:

https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co

This list also contains information about code forks so that the security team can check if all forks contain the same vulnerabilities. Send suggestions or additions to secure-testing-team@lists.alioth.debian.org.

Lintian detects embedding of feedparser, common JavaScript/C/C++/PEAR/PHP libraries and PostScript fragments (1 2).

The Debian duplication detector detects duplicate files in binary packages and may be useful for detecting verbatim duplication of interpreted code and data.

If you have a particular piece of code with some interesting aspect (a security issue, etc.), you can likely find other copies using the Debian code search site or external code search engines such as Ohloh code, searchcode and GitHub.
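The verbatim-duplicate check described in the two paragraphs above can be sketched as follows. This is an added example, not code from the Debian duplication detector or any Debian tool. It assumes each binary package has already been unpacked into its own directory, and the package names, paths and file contents are constructed samples.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

MIN_SIZE = 32  # assumption: ignore empty/tiny files, which match trivially
# Constructed sample content standing in for an embedded library file.
SAMPLE_LIB = b"/* constructed sample library */ function parse(s) { return s; }\n"

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_shared_files(package_roots):
    """Return {digest: {package: [relative paths]}} for content in >= 2 packages."""
    seen = defaultdict(lambda: defaultdict(list))
    for pkg, root in package_roots.items():
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or os.path.getsize(path) < MIN_SIZE:
                    continue  # symlinks are not copies; tiny files are noise
                seen[sha256_file(path)][pkg].append(os.path.relpath(path, root))
    return {d: {p: sorted(v) for p, v in pkgs.items()}
            for d, pkgs in seen.items() if len(pkgs) >= 2}

def build_sample_trees(base):
    """Write three constructed package trees; pkg-a and pkg-b share one file."""
    layout = {
        "pkg-a": {"usr/share/pkg-a/js/lib.js": SAMPLE_LIB,
                  "usr/share/pkg-a/app.js": b"a" * 40},
        "pkg-b": {"usr/share/pkg-b/vendor/lib.js": SAMPLE_LIB},
        "pkg-c": {"usr/share/pkg-c/main.py": b"print('unrelated')\n" * 3},
    }
    for pkg, files in layout.items():
        for rel, data in files.items():
            path = os.path.join(base, pkg, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
    return {pkg: os.path.join(base, pkg) for pkg in layout}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for digest, pkgs in find_shared_files(build_sample_trees(tmp)).items():
            print(digest[:16], pkgs)
```

Hashing only finds byte-identical copies; a copy that was patched, minified or reformatted needs the code search approach instead.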