Main Inclusion Report for m2crypto
Availability: http://archive.ubuntu.com/ubuntu/pool/universe/m/m2crypto; available for all supported architectures or some subset ? only currently built for amd64, i386.
Why is this package needed? What feature(s) does it add? Per the projects homepage, "M2Crypto is the most complete Python wrapper for OpenSSL". Specifically, portions used by euca2ools include EVP, RSA, and X509. Does upstream expect it? Upstream has not been contacted. Plain text description of expected use: The primary motivation for this request is the use of the library by the euca2ools package.
- This package is a runtime dependency of euca2ools
CVE entries: Most are issues around not checking return values from openssl library calls.
Secunia history: None
Any binaries running as root or suid/sgid ? No. It is only a library. Any daemons ? No.
Network activity: does it open any port ? The library offers function for ssl network both incoming and outgoing, but requires an application to use them. Does it handle incoming network data ? No
Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? No
Any source code review performed ? No extensive review.
In what situations does the package not work out of the box without configuration ? The library should generally work out of the box.
Does the package ask any debconf questions higher than priority 'medium' ? No
Maintenance in Debian is vigorous (4 packages in 2009)
Upstream bug tracker: [[https://bugzilla.osafoundation.org/show_bug.cgi?id=8674|bug 8674: urllib.urlopen.readlines() of https:// URL causes max CPU" is at least a bit annoying.
Hardware: Does this package deal with hardware and if so how exotic is it ? No specific/direct hardware interaction.
Is there a test suite in the upstream source or packaging ? yes Is it enabled to run in the build ? No
User-visible strings are internationalized using standard gettext system ? No internationalized strings are provided from the library itself.
Package with translatable strings builds a PO template during package build ? Not applicable.
End-user applications ship a desktop file ? Not applicable.
Are these all in main ? Yes
How much maintenance is this package likely to need ? The debian package is reasonably maintained. There have been ubuntu-authored changes have been for python version changes. The current upstream version (0.19) was also pulled into ubuntu before debian (but debian now has it).
Who is responsible for monitoring the quality of this package and fixing its bugs ? Upstream.
Who is the package bug contact in Ubuntu? Currently no teams or people subscribed to bugmail.
Are graphical applications translatable? Do they support gettext? Not Applicable
MIR bug: https://launchpad.net/bugs/434723
- Scott Moser