MainInclusionM2crypto

Differences between revisions 3 and 4
Revision 3 as of 2009-09-21 20:32:10
Size: 3668
Editor: d14-69-66-169
Comment: page was renamed from MainInclusionM2crpyto
Revision 4 as of 2009-09-22 03:23:08
Size: 3895
Editor: d14-69-66-169
Comment:
Deletions are marked like this. Additions are marked like this.
Line 8: Line 8:
  * Why is this package needed? What feature(s) does it add?  Does upstream expect it?  Plain text description of expected use
  * Build dependency of ...
  * 		  * ''Why is this package needed? What feature(s) does it add?'' ''Does upstream expect it?'' Upstream has not been contacted. ''Plain text description of expected use''
  * This package is a runtime dependency of euca2ools
Line 12: Line 11:
  * [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=m2crypto|CVE entries]]: ...
  * [[http://secunia.com/search/?search=m2crypto|Secunia history]]: ...
  * Any binaries running as root or suid/sgid ?  Any daemons ?
  * Network activity: does it open any port ? Does it handle incoming network data ?
  * Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ?
  * Any source code review performed ?  (The approver will do a quick and shallow check.)		   * [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=m2crypto|CVE entries]]: '''TBD'''
  * [[http://secunia.com/search/?search=m2crypto|Secunia history]]: None
  * ''Any binaries running as root or suid/sgid ?'' No. It is only a library. ''Any daemons ?'' No.
  * ''Network activity: does it open any port ? Does it handle incoming network data ?'' No
  * ''Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ?'' No
  * ''Any source code review performed ?'' '''TBD'''
Line 19: Line 18:
  * In what situations does the package not work out of the box without configuration ?
  * Does the package ask any debconf questions higher than priority 'medium' ?
  * [[http://bugs.debian.org/src:m2crypto|Debian bugs]]: (mention any that are particularly relevant, and any showstoppers)
  * [[http://packages.qa.debian.org/m/m2crypto.html|Maintenance in Debian]] is frenetic/vigorous/calm/dead ?
  * [[http://chandlerproject.org/Projects/MeTooCrypto|Upstream]] is frenetic/vigorous/calm/dead ?
  * [[https://bugzilla.osafoundation.org/buglist.cgi?short_desc_type=allwordssubstr&product=M2Crypto&long_desc_type=substring&bug_file_loc_type=allwordssubstr&status_whiteboard_type=allwordssubstr&keywords_type=allwords&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=|Upstream bug tracker]]: (mention any particularly relevant or critical)
  * Hardware: Does this package deal with hardware and if so how exotic is it ?
  * Is there a test suite in the upstream source or packaging ?  Is it enabled to run in the build ?		   * ''In what situations does the package not work out of the box without configuration ?'' The library should generally work out of the box.
  * ''Does the package ask any debconf questions higher than priority 'medium' ?'' No
  * [[http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=m2crypto;dist=unstable|Debian bugs]]: 1 open bug [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511515|511515]] is possibly relevant as apps might not be able to ascertain success of a few method calls.
  * [[http://packages.qa.debian.org/m/m2crypto.html|Maintenance in Debian]] is vigorous (4 packages in 2009)
  * [[http://chandlerproject.org/Projects/MeTooCrypto|Upstream]] is active/calm ([[http://websvn.osafoundation.org/rss.php?repname=m2crypto&path=%2Ftrunk%2F&rev=0&sc=0&isdir=1|checkins]]
  * [[https://bugzilla.osafoundation.org/buglist.cgi?short_desc_type=allwordssubstr&product=M2Crypto&long_desc_type=substring&bug_file_loc_type=allwordssubstr&status_whiteboard_type=allwordssubstr&keywords_type=allwords&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&cmdtype=doit&order=Reuse+same+sort+as+last+time&field0-0-0=noop&type0-0-0=noop&value0-0-0=|Upstream bug tracker]]: '''TBD'''
  * ''Hardware: Does this package deal with hardware and if so how exotic is it ?'' No specific/direct hardware interaction.
  * ''Is there a test suite in the upstream source or packaging ?'' '''TBD''' ''Is it enabled to run in the build ?'' '''TBD'''
Line 28: Line 27:
  * User-visible strings are internationalized using standard gettext system ?
  * Package with translatable strings builds a PO template during package build ?
  * End-user applications ship a desktop file ?		   * ''User-visible strings are internationalized using standard gettext system ?''
  * ''Package with translatable strings builds a PO template during package build ?''
  * ''End-user applications ship a desktop file ?''
Line 32: Line 31:
  * [[http://www.pathname.com/fhs/|FHS]], [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliance ?
  * Packaging system (debhelper/cdbs/dbs) ?  Patch system ?  Any packaging oddities ?		   * ''[[http://www.pathname.com/fhs/|FHS]], [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliance ?''
  * ''Packaging system (debhelper/cdbs/dbs) ?'' ''Patch system ?'' ''Any packaging oddities ?''
Line 35: Line 34:
  * ...
  * Are these all in main ?		   * python
  * python-support
  * libc6
  * libssl
  * ''Are these all in main ?'' Yes
Line 38: Line 40:
  * How much maintenance is this package likely to need ? (Simple packages may largely take care of themselves; complex packages will need dedicated developers paying attention to them.)
  * Who is responsible for monitoring the quality of this package and fixing its bugs ? Are they Ubuntu or Debian developers ?
  * Who is the package bug contact in Ubuntu? (Needs one if its a nontrivial package which does not fully maintain itself through Debian)		   * ''How much maintenance is this package likely to need ?''
  * ''Who is responsible for monitoring the quality of this package and fixing its bugs ?''
  * ''Who is the package bug contact in Ubuntu?''
Line 43: Line 45:
  * What do upstream call this software ? Has it had different names in the past ?   * ''What do upstream call this software ?'' M2Crypto. ''Has it had different names in the past ?'' Not Recently
Line 45: Line 47:
  * Are graphical applications translatable? Do they support gettext?   * ''Are graphical applications translatable? Do they support gettext?'' Not Applicable
Line 51: Line 53:
''The author of this report should put their name here; reviewers will add comments etc. too'' == Author ==
  * Scott Moser

Main Inclusion Report for m2crypto

Requirements

  1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/m/m2crypto; available for all supported architectures or some subset ?

  2. Rationale:

    • Why is this package needed? What feature(s) does it add? Does upstream expect it? Upstream has not been contacted. Plain text description of expected use

    • This package is a runtime dependency of euca2ools

  3. Security:

    • CVE entries: TBD

    • Secunia history: None

    • Any binaries running as root or suid/sgid ? No. It is only a library. Any daemons ? No.

    • Network activity: does it open any port ? Does it handle incoming network data ? No

    • Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? No

    • Any source code review performed ? TBD

  4. Quality assurance:

    • In what situations does the package not work out of the box without configuration ? The library should generally work out of the box.

    • Does the package ask any debconf questions higher than priority 'medium' ? No

    • Debian bugs: 1 open bug 511515 is possibly relevant as apps might not be able to ascertain success of a few method calls.

    • Maintenance in Debian is vigorous (4 packages in 2009)

    • Upstream is active/calm (checkins

    • Upstream bug tracker: TBD

    • Hardware: Does this package deal with hardware and if so how exotic is it ? No specific/direct hardware interaction.

    • Is there a test suite in the upstream source or packaging ? TBD Is it enabled to run in the build ? TBD

  5. UI standards:

    • User-visible strings are internationalized using standard gettext system ?

    • Package with translatable strings builds a PO template during package build ?

    • End-user applications ship a desktop file ?

  6. Standards compliance:

    • FHS, Debian Policy compliance ?

    • Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ?

  7. Dependencies:

    • python
    • python-support
    • libc6
    • libssl

    • Are these all in main ? Yes

  8. Maintenance:

    • How much maintenance is this package likely to need ?

    • Who is responsible for monitoring the quality of this package and fixing its bugs ?

    • Who is the package bug contact in Ubuntu?

  9. Background information:

    • The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain.

    • What do upstream call this software ? M2Crypto. Has it had different names in the past ? Not Recently

  10. Internationalization:

    • Are graphical applications translatable? Do they support gettext? Not Applicable

Reviewers

MIR bug: https://launchpad.net/bugs/BUGNUMBER

Author

  • Scott Moser

MainInclusionM2crypto (last edited 2009-09-22 16:11:08 by d14-69-66-169)