Main Inclusion Report for bouncycastle

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/b/bouncycastle; available for all architectures except hppa

2. Rationale:

   • Build dependency of libitext-java

3. Security:

   • CVE entries: none

   • Secunia history: no records found

   • No binaries running as root or suid/sgid; no daemons.
   • Network activity: does not open ports or handle network data directly
   • Does directly process binary data, of a cryptographically-sensitive nature (PGP, S/MIME, TSP)
   • No source code review has been done.

4. Quality assurance:

   • Package is believed to work out-of-the-box in all cases.
   • No debconf questions asked.

   • Debian bugs: no bugs relevant to the supported architectures

   • Maintenance in Debian is calm

   • Upstream is vigorous

   • Upstream bug tracker: not public

   • Hardware: package is not hardware-sensitive
   • Upstream includes a test suite that doesn't appear to be used in the package build.

5. UI standards:

   • This package is used only as a build-dependency of other libraries and should not interact with users at any point.

6. Standards compliance:

   • FHS, Debian Policy compliance: yes

   • Packaging system: cdbs
   • Patch system: quilt

7. Dependencies:

   • java-gcj-compat | java2-runtime
   • libgnujaf-java
   • libgnumail-java

8. Maintenance:

   • Package may require ongoing maintenance effort as a cryptographic library implementation.
   • The package will not be actively monitored by Ubuntu developers, and will rely primarily on the Debian maintainer to provide bugfixes. The package is currently in sync with Debian.

Reviewers

MIR bug: https://launchpad.net/bugs/309411

SteveLangasek