= Main Inclusion Report for grub2 = == Requirements == 0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/g/grub2]]; this package is available for amd64, i386, and powerpc architectures and is an architecture-specific bootloader (though it may be ported to other architectures later). It should also be made available for lpia. This request involves only i386/amd64/lpia; there is no plan to use grub on the powerpc port at present. 0. ''Rationale:'' * The {{{grub-common}}} package (built from the grub2 source) is a requirement to support installing grub on XFS filesystems. * grub2 is being evaluated for a future transition of the default bootloader, and will be optionally available for installation as the bootloader in jaunty. It's not too early to bring it under the security support/maintenance umbrella. 0. ''Security:'' * [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=grub|CVE entries]]: no known CVEs against GRUB2, vs. one against GRUB legacy. (Since this is a bootloader, security exposure is limited to problems with boot password handling.) * [[http://secunia.com/search/?search=grub|Secunia history]]: no entries found. * Network activity: because grub2 supports multiboot and can bootstrap from the network, there is some network exposure but this should not be remotely exploitable. 0. ''Quality assurance:'' * While there are no cases in which the package should not work out of the box, due to the hardware-sensitive nature of the package this is still something of an open question that [[FoundationsTeam/Specs/Grub2ByDefault]] seeks to answer by making it an install-time option. * Installing the {{{grub-pc}}} binary package also does not automatically take over the boot block from grub; this is a good thing since rewriting the MBR is in general a risky operation, and we should be conservative here in the early stages of the transition. * There is a high-priority debconf question when installing the {{{grub-pc}}} package on a system that previously had {{{grub}}} installed. This is not a transition that will take place automatically for jaunty. * [[http://bugs.debian.org/src:grub2|Debian bugs]]: * [[http://bugs.debian.org/500631|kernel fails in postinst with grub2: no such file /sbin/update-grub]] - only an issue on systems upgraded from old versions of Ubuntu; out of scope for the current plans, but needs to be addressed before grub2 becomes default * [[http://packages.qa.debian.org/g/grub2.html|Maintenance in Debian]] is vigorous * [[http://www.gnu.org/software/grub/|Upstream]] is calm 0. ''UI standards:'' * The GRUB2 bootloader supports internationalization - unlike the current GRUB1 bootloader. * Translations are not included as standard .po files and there is no .pot file in the source package; it's unknown what form these translations take 0. ''Standards compliance:'' * Package complies with the [[http://www.pathname.com/fhs/|FHS]] and [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] * Packaging system: cdbs, using simple-patchsys 0. ''Dependencies:'' * glibc, libncurses, debconf, liblzo2-2, os-prober, base-files: all in main 0. ''Maintenance:'' * Regardless of whether this package is included in main now, a good deal of work needs to be put into it to make it suitable for transitioning to it as a default bootloader. * The package is actively maintained in Debian. The Ubuntu Foundations Team (initially, SteveLangasek) will be responsible for monitoring the package in Ubuntu and responding to bugs. == Reviewers == MIR bug: [[https://launchpad.net/bugs/331305]] SteveLangasek