Main Inclusion Report for commons-pool

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/c/commons-pool; available for all supported architectures.

2. Rationale:

   • The Apache Commons Java libraries are basic library blocks used in lots of Java software.

   • It is a runtime dependency of tomcat6 (see MainInclusionReportTomcat6).

3. Security:

   • CVE entries: none

   • Secunia history: empty

   • No binaries running as root, this package just provides Java libraries.
   • Network activity: commons-pool does not open any port or handle incoming network data in itself.
   • It does not directly process binary or structured data.

   • No source code review. Fortify scanned it as part of its Java Open Review project and they found it to be defect-free.

4. Quality assurance:

   • The package is known to work out of the box without configuration.
   • It does not ask any debconf questions higher than priority 'medium'.

   • Debian bugs: none.

   • Maintenance in Debian is calm.

   • Upstream is vigorous.

   • Upstream bug tracker: no critical bugs.

   • Hardware: the package does not deal with hardware.
   • There is a junit test suite in the upstream source and it is enabled in the Debian build.

5. Standards compliance:

   • FHS compliant, Debian Policy compliant (in particular the Java library subpolicy).

   • Packaging system is debhelper, patches are directly included in diff.gz without a patch system.

6. Dependencies:

   • Build dependencies (debhelper, ant, ant-optional, java-gcj-compat-dev, junit, classpath-doc) are all in main.
   • No specific runtime dependencies.

7. Background information:

   • General purpose and context of the package is clear from the package's debian/control file.
   • Upstream calls this software the Apache Commons Pool component.

Reviewers

MIR bug: https://launchpad.net/bugs/260388

ThierryCarrez