MainInclusionM2crypto
← Revision 6 as of 2009-09-22 16:11:08 ⇥
Line 1: | Line 1: |
## page was renamed from MainInclusionM2crpyto | |
Line 2: | Line 3: |
* [[https://launchpad.net/ubuntu/+source/m2crypto|ubuntu/m2crypto at launchpad]] * [[https://launchpad.net/ubuntu/+source/m2crypto|packages.ubuntu.com/source/karmic/m2crypto]] |
|
Line 5: | Line 9: |
0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/m/m2crypto]]; available for all supported architectures or some subset ? | 0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/m/m2crypto]]; available for all supported architectures or some subset ? only currently built for amd64, i386. |
Line 7: | Line 11: |
* Why is this package needed? What feature(s) does it add? Does upstream expect it? Plain text description of expected use * Build dependency of ... * |
* ''Why is this package needed? What feature(s) does it add?'' Per the projects homepage, "M2Crypto is the most complete Python wrapper for OpenSSL". Specifically, portions used by euca2ools include [[http://www.heikkitoivonen.net/m2crypto/api/toc-M2Crypto.EVP-module.html|EVP]], [[http://www.heikkitoivonen.net/m2crypto/api/toc-M2Crypto.RSA-module.html|RSA]], and [[http://www.heikkitoivonen.net/m2crypto/api/toc-M2Crypto.X509-module.html|X509]]. ''Does upstream expect it?'' Upstream has not been contacted. ''Plain text description of expected use:'' The primary motivation for this request is the use of the library by the [[MainInclusionEuca2ools|euca2ools]] package. * This package is a runtime dependency of euca2ools |
Line 11: | Line 14: |
* [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=m2crypto|CVE entries]]: ... * [[http://secunia.com/search/?search=m2crypto|Secunia history]]: ... * Any binaries running as root or suid/sgid ? Any daemons ? * Network activity: does it open any port ? Does it handle incoming network data ? * Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? * Any source code review performed ? (The approver will do a quick and shallow check.) |
* [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=m2crypto|CVE entries]]: Most are issues around not checking return values from openssl library calls. * [[http://secunia.com/search/?search=m2crypto|Secunia history]]: None * ''Any binaries running as root or suid/sgid ?'' No. It is only a library. ''Any daemons ?'' No. * ''Network activity: does it open any port ?'' The library offers function for ssl network both incoming and outgoing, but requires an application to use them. ''Does it handle incoming network data ?'' No * ''Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ?'' No * ''Any source code review performed ?'' No extensive review. |
Line 18: | Line 21: |
* In what situations does the package not work out of the box without configuration ? * Does the package ask any debconf questions higher than priority 'medium' ? * [[http://bugs.debian.org/src:m2crypto|Debian bugs]]: (mention any that are particularly relevant, and any showstoppers) * [[http://packages.qa.debian.org/m/m2crypto.html|Maintenance in Debian]] is frenetic/vigorous/calm/dead ? * [[http://sandbox.rulemaker.net/ngps/m2/|Upstream]] is frenetic/vigorous/calm/dead ? * [[http://|Upstream bug tracker]]: (mention any particularly relevant or critical) * Hardware: Does this package deal with hardware and if so how exotic is it ? * Is there a test suite in the upstream source or packaging ? Is it enabled to run in the build ? |
* ''In what situations does the package not work out of the box without configuration ?'' The library should generally work out of the box. * ''Does the package ask any debconf questions higher than priority 'medium' ?'' No * [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=m2crypto;dist=unstable|Debian bugs]]: 1 open bug [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515|511515]] is possibly relevant as apps might not be able to ascertain success of a few method calls. * [[http://packages.qa.debian.org/m/m2crypto.html|Maintenance in Debian]] is vigorous (4 packages in 2009) * [[http://chandlerproject.org/Projects/MeTooCrypto|Upstream]] is active/calm ([[http://websvn.osafoundation.org/rss.php?repname=m2crypto&path=%2Ftrunk%2F&rev=0&sc=0&isdir=1|checkins]] * [[https://bugzilla.osafoundation.org/buglist.cgi?short_desc_type=allwordssubstr&product=M2Crypto&long_desc_type=substring&bug_file_loc_type=allwordssubstr&status_whiteboard_type=allwordssubstr&keywords_type=allwords&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=|Upstream bug tracker]]: [[https://bugzilla.osafoundation.org/show_bug.cgi?id=8674|bug 8674: urllib.urlopen.readlines() of https:// URL causes max CPU" is at least a bit annoying. * ''Hardware: Does this package deal with hardware and if so how exotic is it ?'' No specific/direct hardware interaction. * ''Is there a test suite in the upstream source or packaging ?'' yes ''Is it enabled to run in the build ?'' No |
Line 27: | Line 30: |
* User-visible strings are internationalized using standard gettext system ? * Package with translatable strings builds a PO template during package build ? * End-user applications ship a desktop file ? 0. ''Standards compliance:'' * [[http://www.pathname.com/fhs/|FHS]], [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliance ? * Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ? |
* ''User-visible strings are internationalized using standard gettext system ?'' No internationalized strings are provided from the library itself. * ''Package with translatable strings builds a PO template during package build ?'' Not applicable. * ''End-user applications ship a desktop file ?'' Not applicable. 0. ''Standards compliance:'' * ''[[http://www.pathname.com/fhs/|FHS]]'': Yes. ''[[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliance ?'': Yes. * ''Packaging system (debhelper/cdbs/dbs) ?'' debhelper. ''Patch system ?'' None. ''Any packaging oddities ?'' No. |
Line 34: | Line 37: |
* ... * Are these all in main ? |
* python * python-support * libc6 * libssl * ''Are these all in main ?'' Yes |
Line 37: | Line 43: |
* How much maintenance is this package likely to need ? (Simple packages may largely take care of themselves; complex packages will need dedicated developers paying attention to them.) * Who is responsible for monitoring the quality of this package and fixing its bugs ? Are they Ubuntu or Debian developers ? * Who is the package bug contact in Ubuntu? (Needs one if its a nontrivial package which does not fully maintain itself through Debian) |
* ''How much maintenance is this package likely to need ?'' The debian package is reasonably maintained. There have been ubuntu-authored changes have been for python version changes. The current upstream version (0.19) was also pulled into ubuntu before debian (but debian now has it). * ''Who is responsible for monitoring the quality of this package and fixing its bugs ?'' Upstream. * ''Who is the package bug contact in Ubuntu?'' Currently no teams or people subscribed to bugmail. |
Line 41: | Line 47: |
* The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain. * What do upstream call this software ? Has it had different names in the past ? |
* The general purpose and context of the package should be clear from the package's [[http://bazaar.launchpad.net/%7Eubuntu-branches/ubuntu/karmic/m2crypto/karmic/annotate/head%3A/debian/control|debian/control]] file. * ''What do upstream call this software ?'' M2Crypto. ''Has it had different names in the past ?'' Not Recently |
Line 44: | Line 50: |
* Are graphical applications translatable? Do they support gettext? | * ''Are graphical applications translatable? Do they support gettext?'' Not Applicable |
Line 48: | Line 54: |
MIR bug: [[https://launchpad.net/bugs/BUGNUMBER]] | MIR bug: [[https://launchpad.net/bugs/434723]] |
Line 50: | Line 56: |
''The author of this report should put their name here; reviewers will add comments etc. too'' | == Author == * Scott Moser |
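Review bot: In the Security hunk (Line 11 | Line 14), the two network answers appear to conflict: the first says the library offers SSL network functions "both incoming and outgoing", while "Does it handle incoming network data ?" is answered "No". Suggest answering that it handles incoming data whenever an application uses those functions. The CVE entry in the same hunk summarizes the issues without naming any of them; listing the CVE identifiers and whether the packaged version carries the fixes would let the approver verify the summary, which matters more given the "No extensive review" answer.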
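Review bot: In the Quality assurance hunk (Line 18 | Line 21), two added links are malformed: the Upstream line opens a parenthesis before the checkins link and never closes it, and the Upstream bug tracker link for bug 8674 has no closing `]]` and no opening quote before the bug title, so the raw markup shows through in the rendered report and the Upstream status line does not appear there. Suggest closing the parenthesis after `checkins]]` and ending the bug link right after `bug 8674`, with the quoted title following it. The test suite answer ("yes" but not run in the build) would also benefit from a short reason why it is not enabled.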
Main Inclusion Report for m2crypto
Requirements
Availability: http://archive.ubuntu.com/ubuntu/pool/universe/m/m2crypto; available for all supported architectures or some subset ? only currently built for amd64, i386.
Rationale:
Why is this package needed? What feature(s) does it add? Per the project's homepage, "M2Crypto is the most complete Python wrapper for OpenSSL". Specifically, portions used by euca2ools include EVP, RSA, and X509. Does upstream expect it? Upstream has not been contacted. Plain text description of expected use: The primary motivation for this request is the use of the library by the euca2ools package.
- This package is a runtime dependency of euca2ools
Security:
CVE entries: Most are issues around not checking return values from OpenSSL library calls.
Secunia history: None
Any binaries running as root or suid/sgid ? No. It is only a library. Any daemons ? No.
Network activity: does it open any port ? The library offers functions for SSL networking, both incoming and outgoing, but requires an application to use them. Does it handle incoming network data ? No
Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? No
Any source code review performed ? No extensive review.
Quality assurance:
In what situations does the package not work out of the box without configuration ? The library should generally work out of the box.
Does the package ask any debconf questions higher than priority 'medium' ? No
Debian bugs: 1 open bug 511515 is possibly relevant as apps might not be able to ascertain success of a few method calls.
Maintenance in Debian is vigorous (4 packages in 2009)
Upstream bug tracker: bug 8674 (https://bugzilla.osafoundation.org/show_bug.cgi?id=8674), "urllib.urlopen.readlines() of https:// URL causes max CPU", is at least a bit annoying.
Hardware: Does this package deal with hardware and if so how exotic is it ? No specific/direct hardware interaction.
Is there a test suite in the upstream source or packaging ? yes Is it enabled to run in the build ? No
UI standards:
User-visible strings are internationalized using standard gettext system ? No internationalized strings are provided from the library itself.
Package with translatable strings builds a PO template during package build ? Not applicable.
End-user applications ship a desktop file ? Not applicable.
Standards compliance:
FHS: Yes. Debian Policy compliance ?: Yes.
Packaging system (debhelper/cdbs/dbs) ? debhelper. Patch system ? None. Any packaging oddities ? No.
Dependencies:
- python
- python-support
- libc6
- libssl
Are these all in main ? Yes
Maintenance:
How much maintenance is this package likely to need ? The Debian package is reasonably maintained. The Ubuntu-authored changes have been for Python version changes. The current upstream version (0.19) was also pulled into Ubuntu before Debian (but Debian now has it).
Who is responsible for monitoring the quality of this package and fixing its bugs ? Upstream.
Who is the package bug contact in Ubuntu? Currently no teams or people subscribed to bugmail.
Background information:
The general purpose and context of the package should be clear from the package's debian/control file.
What do upstream call this software ? M2Crypto. Has it had different names in the past ? Not Recently
Internationalization:
Are graphical applications translatable? Do they support gettext? Not Applicable
Reviewers
MIR bug: https://launchpad.net/bugs/434723
Author
- Scott Moser
MainInclusionM2crypto (last edited 2009-09-22 16:11:08 by d14-69-66-169)