Comment 3 for bug 1388889

I reviewed iucode-tool version 1.1.1-1 as checked into vivid. This should
not be considered a full security audit but rather a quick gauge of
maintainability.

- iucode-tool manages and loads firmware for Intel CPUs
- Build-Depends: debhelper, autotools-dev, automake, autoconf
- No cryptography
- No networking
- Does not daemonize
- No pre/post inst/rm
- No initscripts
- No dbus services
- No setuid
- One binary, iucode_tool, and symlink iucode-tool
- No sudo fragments
- No udev rules
- No cronjobs
- No test suite, not really a surprise
- Clean build logs

- No subprocesses spawned
- Memory management is careful
- File names are given by the platform
- Logging looks safe
- No environment variables used
- No cryptography
- No networking
- No privileged portions of code
- No temporary files
- No WebKit
- No PolicyKit
- No JavaScript
- Clean cppcheck

iucode-tool is short and sweet: careful, methodical, some nice helper
routines, good comments.

Security team ACK for promoting to restricted or main as appropriate.