Main Inclusion Report for arj

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/a/arj/; available for all supported architectures or some subset ? All

2. Rationale:

   • Recommends for clamav (spec'ed for Intrepid):

     • ClamavSpamassassinInMain

3. Security:

   • CVE entries: Most of the CVEs appear to use arj archives to compromise other applications.

   • Secunia history: there are a few, but seem to be mostly related to unarj.

   • Any binaries running as root or suid/sgid ? No Any daemons ? No
   • Network activity: does it open any port ? No Does it handle incoming network data ? No
   • Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? Yes processes arj archive files.
   • Any source code review performed ? (The approver will do a quick and shallow check.) No

4. Quality assurance:

   • In what situations does the package not work out of the box without configuration ? None
   • Does the package ask any debconf questions higher than priority 'medium' ? No

   • Debian bugs: (mention any that are particularly relevant, and any showstoppers) None

   • Maintenance in Debian is calm, only a few updates this year.

   • Upstream is calm, last release was in 2005.

   • Upstream bug tracker: (mention any particularly relevant or critical) None

   • Hardware: Does this package deal with hardware and if so how exotic is it ? No
   • Is there a test suite in the upstream source or packaging ? No Is it enabled to run in the build ? No

5. Standards compliance:

   • FHS Yes, Debian Policy compliance ? Yes

   • Debian library packaging guide standards compliance ? Yes

   • Packaging system (debhelper/cdbs/dbs) ? debhelper Patch system ? quilt Any packaging oddities ? No

6. Dependencies:

   • autoconf
   • Are these all in main ? Yes

7. Background information:

   • The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain.
   • What do upstream call this software ? Open-source ARJ archiver Has it had different names in the past ? No

Reviewers

MIR bug: 261885

Author Asommer; reviewers will add comments etc. too