Main Inclusion Report for puppet

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/p/puppet; available for all supported architectures or some subset ?

2. Rationale:

   • Provide a tool for configuraion management for large installations and dynamic cloud deployment.

3. Security:

   • No CVE entries.

   • No Secunia history.

   • No binaries running as root or suid/sgid ?
   • Runs the puppetd daemon and puppetmasterd daemon.
   • Due to the nature of puppet it accepts incoming and outcoing network data and opens a port as well.
   • Directly (not through a library) processes structured data.
   • No source code review performed.

4. Quality assurance:

   • The situation where the package does not work out of the box is that the configuration files are misconfigured or the puppet reciepes are incorrect.
   • The package does not ask any debconf questions.

   • Debian bugs: 518831 is particularily interesting.

   • Maintenance in Debian is vigorous.

   • Upstream is frentic.

   • [http://projects.reductivelabs.com/projects/puppet/issues?set_filter=1 |Upstream bug tracker]]

   • Does not deal with any special hardware.
   • There is an upstream test suite but its not enabled in the build.

5. Standards compliance:

   • FHS and Debian Policy compliant.

   • Uses debhelper with no patch system.

6. Dependencies: ruby, libopenssl-ruby, facter, openssl, debhelper,libxmlrpc-ruby, libopenssl-ruby, libshadow-ruby1.8, adduser, facter, lsb-base

   • All are in main except facter, libxmlrpc-ruby, libshadow-ruby1.8

7. Maintenance:

   • Since its a popular package in debian and used by companies like google it is a well maintained package. The Ubuntu server team will responsible for taking care of the package in Ubuntu which includes monitoring and fixing bugs.

Reviewers

MIR bug: https://launchpad.net/bugs/BUGNUMBER

The author of this report should put their name here; reviewers will add comments etc. too