MainInclusionPython-Boto
|
Size: 3507
Comment: first cut at expressing maintenance requirements
|
← Revision 38 as of 2009-09-22 15:19:28 ⇥
Size: 4648
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = Main Inclusion Report for sourcepackage = '''Note''': when writing a report this template should be vigorously edited; as a rule of thumb, every individual point should be replaced with a description of the actual situation in the package in question. The purpose of the report is to convey information to the reviewer, so there is no problem with varying the text in the bullet items, or with adding additional information. Please be informative, and in particular be thorough in investigating and explaining any weaknesses and problems with the package. The purpose of the report is to show to the reviewer that the package has been properly investigated, and to give the reviewer the information from that investigation, for their decision. |
## page was copied from MainInclusionReportTemplate = Main Inclusion Report for python-boto = |
| Line 9: | Line 6: |
| 0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/s/sourcepackage]]; available for all supported architectures or some subset ? | 0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/p/python-boto]]; ''available for all supported architectures or some subset ?'' All. |
| Line 11: | Line 8: |
| * Build dependency of ... * |
* ''Why is this package needed? What feature(s) does it add?'' python-boto provides a library interface to amazon web services. It doesn't add anything specifically that couldn't be done otherwise, but provides a common library for multiple applications. ''Does upstream expect it?'' Upstream is unaware as far as I know. ''Plain text description of expected use:'' python-boto is used by both euca2ools and ec2-init to interface with amazon web services (ec2 api and query the ec2 metadata service). * This is a runtime dependency of both [[MainInclusionEuca2ools|euca2ools]] and [[MainInclusionEc2-Init|ec2-init]] |
| Line 14: | Line 11: |
| * [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PRODUCT_NAME|CVE entries]]: ... * [[http://secunia.com/search/?search=PRODUCT_NAME|Secunia history]]: ... * Any binaries running as root or suid/sgid ? Any daemons ? * Network activity: does it open any port ? Does it handle incoming network data ? * Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? * Any source code review performed ? (The approver will do a quick and shallow check.) |
* [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=boto|CVE entries]]: ... * [[http://secunia.com/search/?search=boto|Secunia history]]: ... * ''Any binaries running as root or suid/sgid ?'' No, only a python library. ''Any daemons ?'' No * ''Network activity: does it open any port ?'' Python-boto makes outgoing http connections to the ec2 metadata service, which runs on http://169.254.169.254. ''Does it handle incoming network data ?'' No * ''Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ?'' No. It uses python libraries for xml parsing. * ''Any source code review performed ?'' I (Scott Moser) have quickly browsed through the source in looking for the cause of one bug. Other than that I am not aware of explicity code review. The library's fairly widespread attribute to its quality (or at very least to its usefulness). |
| Line 21: | Line 18: |
| * In what situations does the package not work out of the box without configuration ? * Does the package ask any debconf questions higher than priority 'medium' ? * [[http://bugs.debian.org/src:SOURCE_PACKAGE_NAME|Debian bugs]]: (mention any that are particularly relevant, and any showstoppers) * [[http://packages.qa.debian.org/S/SOURCE_PACKAGE_NAME.html|Maintenance in Debian]] is frenetic/vigorous/calm/dead ? * [[http://|Upstream]] is frenetic/vigorous/calm/dead ? * [[http://|Upstream bug tracker]]: (mention any particularly relevant or critical) * Hardware: Does this package deal with hardware and if so how exotic is it ? * Is there a test suite in the upstream source or packaging ? Is it enabled to run in the build ? |
* ''In what situations does the package not work out of the box without configuration ?'' None that I am aware of. * ''Does the package ask any debconf questions higher than priority 'medium' ?'' No. * [[http://bugs.debian.org/src:python-boto|Debian bugs]]: None * ''[[http://packages.qa.debian.org/p/python-boto.html|Maintenance in Debian]] is frenetic/vigorous/calm/dead ?'' It is fairly active, 9 new uploads in 2009. * ''[[http://boto.googlecode.com|Upstream]] is frenetic/vigorous/calm/dead ?'' Upstream is active. * [[http://code.google.com/p/boto/issues/list|Upstream bug tracker]]: Nothing of significant interest to euca2ools or ec2-init. The most concerning is [[http://code.google.com/p/boto/issues/detail?id=266|266 - serious bug with XmlHandler]] * ''Hardware: Does this package deal with hardware and if so how exotic is it ?'' * ''Is there a test suite in the upstream source or packaging ?'' Yes. ''Is it enabled to run in the build ?'' No. The test suite is based upon being able to connect to AWS to demonstrate its function. This would not be suitable for the build system. 0. ''UI standards:'' * ''User-visible strings are internationalized using standard gettext system ?'' No. * ''Package with translatable strings builds a PO template during package build ?'' No. * ''End-user applications ship a desktop file ?'' Not applicable |
| Line 31: | Line 32: |
| * [[http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html|Debian library packaging guide]] standards compliance ? * Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ? |
* ''Packaging system (debhelper/cdbs/dbs) ?'' debhelper. ''Patch system ?'' None. ''Any packaging oddities ?'' No. |
| Line 34: | Line 34: |
| * ... * Are these all in main ? |
* python * python-support * ''Are these all in main ?'' Yes |
| Line 37: | Line 38: |
| * How much maintenance is this package likely to need ? (Simple packages may largely take care of themselves; complex packages will need dedicated developers paying attention to them.) * Who is responsible for monitoring the quality of this package and fixing its bugs ? Are they Ubuntu or Debian developers ? |
* ''How much maintenance is this package likely to need ?'' With fairly active debian maintenance, there shouldn't be too much need for ubuntu maintenance. * ''Who is responsible for monitoring the quality of this package and fixing its bugs ?'' Debian Maintainer, Scott Moser, Soren Hanson, ubuntu-on-ec2 team. ''Are they Ubuntu or Debian developers ?''. Some Ubuntu developers. * ''Who is the package bug contact in Ubuntu?'' Scott Moser. |
| Line 40: | Line 42: |
| * The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain. * What do upstream call this software ? Has it had different names in the past ? |
* The general purpose and context of the package should be clear from the package's debian/control file. * ''What do upstream call this software ?'' 'boto' ''Has it had different names in the past ?'' No. At least not in 2 years it has been packaged for debian. 0. ''Internationalization:'' * ''Are graphical applications translatable? Do they support gettext?'' Not Applicable |
| Line 45: | Line 49: |
| MIR bug: [[https://launchpad.net/bugs/BUGNUMBER]] | MIR bug: [[https://launchpad.net/bugs/434701]] |
| Line 47: | Line 51: |
| ''The author of this report should put their name here; reviewers will add comments etc. too'' | == Author == * Scott Moser |
Main Inclusion Report for python-boto
Requirements
Availability: http://archive.ubuntu.com/ubuntu/pool/universe/p/python-boto; available for all supported architectures or some subset ? All.
Rationale:
Why is this package needed? What feature(s) does it add? python-boto provides a library interface to amazon web services. It doesn't add anything specifically that couldn't be done otherwise, but provides a common library for multiple applications. Does upstream expect it? Upstream is unaware as far as I know. Plain text description of expected use: python-boto is used by both euca2ools and ec2-init to interface with amazon web services (ec2 api and query the ec2 metadata service).
Security:
CVE entries: ...
Secunia history: ...
Any binaries running as root or suid/sgid ? No, only a python library. Any daemons ? No
Network activity: does it open any port ? Python-boto makes outgoing http connections to the ec2 metadata service, which runs on http://169.254.169.254. Does it handle incoming network data ? No
Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? No. It uses python libraries for xml parsing.
Any source code review performed ? I (Scott Moser) have quickly browsed through the source in looking for the cause of one bug. Other than that I am not aware of explicity code review. The library's fairly widespread attribute to its quality (or at very least to its usefulness).
Quality assurance:
In what situations does the package not work out of the box without configuration ? None that I am aware of.
Does the package ask any debconf questions higher than priority 'medium' ? No.
Debian bugs: None
Maintenance in Debian is frenetic/vigorous/calm/dead ? It is fairly active, 9 new uploads in 2009.
Upstream is frenetic/vigorous/calm/dead ? Upstream is active.
Upstream bug tracker: Nothing of significant interest to euca2ools or ec2-init. The most concerning is 266 - serious bug with XmlHandler
Hardware: Does this package deal with hardware and if so how exotic is it ?
Is there a test suite in the upstream source or packaging ? Yes. Is it enabled to run in the build ? No. The test suite is based upon being able to connect to AWS to demonstrate its function. This would not be suitable for the build system.
UI standards:
User-visible strings are internationalized using standard gettext system ? No.
Package with translatable strings builds a PO template during package build ? No.
End-user applications ship a desktop file ? Not applicable
Standards compliance:
FHS, Debian Policy compliance ?
Packaging system (debhelper/cdbs/dbs) ? debhelper. Patch system ? None. Any packaging oddities ? No.
Dependencies:
- python
- python-support
Are these all in main ? Yes
Maintenance:
How much maintenance is this package likely to need ? With fairly active debian maintenance, there shouldn't be too much need for ubuntu maintenance.
Who is responsible for monitoring the quality of this package and fixing its bugs ? Debian Maintainer, Scott Moser, Soren Hanson, ubuntu-on-ec2 team. Are they Ubuntu or Debian developers ?. Some Ubuntu developers.
Who is the package bug contact in Ubuntu? Scott Moser.
Background information:
- The general purpose and context of the package should be clear from the package's debian/control file.
What do upstream call this software ? 'boto' Has it had different names in the past ? No. At least not in 2 years it has been packaged for debian.
Internationalization:
Are graphical applications translatable? Do they support gettext? Not Applicable
Reviewers
MIR bug: https://launchpad.net/bugs/434701
Author
- Scott Moser
MainInclusionPython-Boto (last edited 2009-09-22 15:19:28 by d14-69-66-169)