* Should use system zlib
* virtuoso-t should be installed in /usr/lib since it doesn't run sanely alone in /usr/bin (and lacks a man page)
* Config files (*.cfg) are all out of the local directory. virtuoso-t should only be run from a safe location in a user's home directory where no surprise settings can be injected.
* libsrc/Wi/bif_files.c should be changed to force all the "if (do_os_calls)" checks to fail, regardless of configuration setting. This seems like a dangerous ability for it to have.
There is a lot of memory allocation code, but given how far removed from direct 3rd party data this software will be, I'm relatively comfortable with that. I would, however, expect that this code will need attention during the lifetime of Lucid.
If the above 4 points can be addressed (#3 is actually in nepomuk, I think), this would be okay for main, given that it is a very stripped down version of virtuoso-opensource.
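The third point above (config files picked up from the current directory) can be checked by a launcher before the server is started. The following is an added example, not code from virtuoso-opensource, nepomuk, or the reviewer; the function names, the `sample.cfg` file name and the temporary directories are constructed for illustration, and it assumes a POSIX system.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def cfg_dir_problems(workdir, home):
    """Return reasons why workdir is unsafe to load *.cfg from (empty = safe)."""
    home, real = os.path.realpath(home), os.path.realpath(workdir)
    if os.path.commonpath([home, real]) != home:
        return [f"{real}: outside home directory"]
    uid = os.getuid()
    # Inspect the directory and every *.cfg in it: anyone else who can write
    # to either one can plant or alter settings before the server reads them.
    targets = [real] + sorted(
        os.path.join(real, n) for n in os.listdir(real) if n.endswith(".cfg"))
    problems = []
    for path in targets:
        st = os.lstat(path)  # lstat so a symlinked .cfg is reported, not followed
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{path}: symlink")
        elif st.st_uid != uid:
            problems.append(f"{path}: not owned by current user")
        elif st.st_mode & WRITABLE_BY_OTHERS:
            problems.append(f"{path}: group/world writable")
    return problems


def demo():
    """Constructed sample: a private directory, a loosened .cfg, a dir outside home."""
    with tempfile.TemporaryDirectory() as home:
        work = os.path.join(home, "db")
        os.mkdir(work, 0o700)
        cfg = os.path.join(work, "sample.cfg")  # constructed file name
        with open(cfg, "w") as f:
            f.write("; constructed sample settings\n")
        os.chmod(cfg, 0o600)
        safe = cfg_dir_problems(work, home)
        os.chmod(cfg, 0o666)  # now writable by any local user
        loose = cfg_dir_problems(work, home)
        outside = cfg_dir_problems(os.path.dirname(home), home)
    return safe, loose, outside


if __name__ == "__main__":
    print(demo())
```

A launcher would refuse to start the server when the returned list is non-empty.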