Comment 2 for bug 1187191

Seth Arnold (seth-arnold) wrote :

This should not be considered a complete security audit, but rather
a quick gauge of maintainability.

I audited python-markdown 2.3.1-1 as checked into Saucy.

- No CVE history
- Markdown's purpose is dual, first to make writing simple HTML easier,
  second to provide a safe way for untrusted users to produce HTML in
  web applications and elsewhere. Thus some input comes from trusted
  programmers, some input comes from untrusted users.
- Build-deps python-nose and python3-nose are used as test runners.
- Build-dep python-tidylib is used during tests
  - python-markdown Suggests: the older python-utidylib for runtime use as
    one extension uses it
  - python3-markdown does not Suggest: python-tidylib, as no extensions use it
- No encryption, no networking, can use pygments, embeds portions of old
  ElementTree codebase
- No daemons, no services, no cron jobs, no init scripts, no dbus, no sudo
- One binary, simple markdown converter
- prerm cleans up postinst
- Clean build logs
- No spawned processes
- Defensive code often checks pre-conditions
- File manipulation looks safe, encodings managed using good tools
- No special environment variable handling
- No privileged operations
- Extensive tests run during build

python-markdown looks to be written in a professional manner. The extensive
tests would lend confidence to any maintenance that may become necessary.

Security team ACK for including into main.