MainInclusionReportJACK

Differences between revisions 2 and 9 (spanning 7 versions)
Revision 2 as of 2008-01-16 13:55:07
Size: 2938
Editor: cpe-071-070-203-016
Comment:
Revision 9 as of 2009-09-09 17:40:34
Size: 3567
Editor: 17
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Main Inclusion Report for jack-audio-connection-kit =

'''Note''': when writing a report this template should be vigorously edited; as a rule of thumb, every individual point should be replaced with a description of the actual situation in the package in question. The purpose of the report is to convey information to the reviewer, so there is no problem with varying the text in the bullet items, or with adding additional information.

Please be informative, and in particular be thorough in investigating and explaining any weaknesses and problems with the package. The purpose of the report is to show to the reviewer that the package has been properly investigated, and to give the reviewer the information from that investigation, for their decision.
= Main Inclusion Report for Jack-Audio-Connection-Kit (JACK) =
Line 9: Line 5:
 0. ''Availability:'' [http://archive.ubuntu.com/ubuntu/pool/universe/j/jack-audio-connection-kit]; Available for all supported architectures.  0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/j/jack-audio-connection-kit]]; Available for all supported architectures.
Line 11: Line 7:
  * Build dependency of ...
  *
  * Build dependency of the 'jack' alsa plugin (now disabled in libasound2-plugins, see launchpad bugs [[https://bugs.launchpad.net/ubuntu/+source/alsa-plugins/+bug/197957|197957]] and [[https://bugs.launchpad.net/ubuntu/+source/alsa-plugins/+bug/84900|84900]])
  * ...
Line 14: Line 10:
  * [http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PRODUCT_NAME CVE entries]: ...
  * [http://secunia.com/search/?search=PRODUCT_NAME Secunia history]: ...
  * Any binaries running as root or suid/sgid ? Any daemons ?
  * Network activity: does it open any port ? Does it handle incoming network data ?
  * Any source code review performed ? (The approver will do a quick and shallow check.)
  * No [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jack|CVE entries]] known.
  * No [[http://secunia.com/search/?search=jack|Secunia history]] known
  * Only binaries in ''jackd'', none of which are suid/sgid. Note: realtime capabilities are nowadays granted to users/groups though /etc/security/limits.conf
  * jackd is of course a daemon, but is not automatically started on startup
  * jackd does not listen for network connections itself - it requires the installation of a separately available 'netjack' driver for this.
  * No source code review is performed that we know of.
Line 20: Line 17:
  * In what situations does the package not work out of the box without configuration ?
  * Does the package ask any debconf questions higher than priority 'medium' ?
  * [http://bugs.debian.org/src:SOURCE_PACKAGE_NAME Debian bugs]: (mention any that are particularly relevant, and any showstoppers)
  * [http://packages.qa.debian.org/S/SOURCE_PACKAGE_NAME.html Maintenance in Debian] is frenetic/vigorous/calm/dead ?
  * [http:// Upstream] is frenetic/vigorous/calm/dead ?
  * [http:// Upstream bug tracker]: (mention any particularly relevant or critical)
  * Hardware: Does this package deal with hardware and if so how exotic is it ?
  * In what situation does the package not work out of the box without configuration?
   * Jack needs some audio output device to connect to in order to start. This might fail if such a device is not available, or if another process is keeping a device occupied that does not support multiple concurrent connections.
   * Some configuration may be required for optimal performance (i.e. low latency) depending on the audio card used. [[https://help.ubuntu.com/community/HowToJACKConfiguration|Configuration instruction]] are available at help.ubuntu.com.
  * Does the package ask any debconf questions highter than priority 'medium'?
   * Jack does not ask any debconf questions.
  * Debian bugs: [[http://bugs.debian.org/src:jack|only wishlist items are open right now]]
  * Maintenance in Debian: [[http://packages.qa.debian.org/j/jack.html|Is calm]]
  * Upstream: [[http://jackaudio.org|Is vigorous]]
  * Upstream bug tracker: [[http://trac.jackaudio.org/jack/|nothing particularly relevant or critical there either it seems]]
  * Hardware: This package deals well with most commonly available consumer and semi- and professional audio cards.
  * Is there a test stuie in the upstream source or packaging?
  * Is it enabled to run in the build?
 0. ''UI standards:''
  * User-visible strings are internationalized using standard gettext system ?
  * Package with translatable strings builds a PO template during package build ?
  * End-user applications ship a desktop file ?
Line 28: Line 34:
  * [http://www.pathname.com/fhs/ FHS], [http://www.de.debian.org/doc/debian-policy/ Debian Policy] compliance ?
  * [http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html Debian library packaging guide] standards compliance ?
  * [[http://www.pathname.com/fhs/|FHS]], [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliance ?
  * [[http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html|Debian library packaging guide]] standards compliance ?
Line 40: Line 46:
MIR bug: [https://bugs.launchpad.net/BUGNUMBER] MIR bug: [[https://bugs.launchpad.net/BUGNUMBER]]
Line 43: Line 49:
* Contributor: Arnout 'raboof' Engelen

Main Inclusion Report for Jack-Audio-Connection-Kit (JACK)

Requirements

  1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/j/jack-audio-connection-kit; Available for all supported architectures.

  2. Rationale:

    • Build dependency of the 'jack' alsa plugin (now disabled in libasound2-plugins, see launchpad bugs 197957 and 84900)

    • ...
  3. Security:

    • No CVE entries known.

    • No Secunia history known

    • Only binaries in jackd, none of which are suid/sgid. Note: realtime capabilities are nowadays granted to users/groups though /etc/security/limits.conf

    • jackd is of course a daemon, but is not automatically started on startup
    • jackd does not listen for network connections itself - it requires the installation of a separately available 'netjack' driver for this.
    • No source code review is performed that we know of.
  4. Quality assurance:

    • In what situation does the package not work out of the box without configuration?
      • Jack needs some audio output device to connect to in order to start. This might fail if such a device is not available, or if another process is keeping a device occupied that does not support multiple concurrent connections.
      • Some configuration may be required for optimal performance (i.e. low latency) depending on the audio card used. Configuration instruction are available at help.ubuntu.com.

    • Does the package ask any debconf questions highter than priority 'medium'?
      • Jack does not ask any debconf questions.
    • Debian bugs: only wishlist items are open right now

    • Maintenance in Debian: Is calm

    • Upstream: Is vigorous

    • Upstream bug tracker: nothing particularly relevant or critical there either it seems

    • Hardware: This package deals well with most commonly available consumer and semi- and professional audio cards.
    • Is there a test stuie in the upstream source or packaging?
    • Is it enabled to run in the build?
  5. UI standards:

    • User-visible strings are internationalized using standard gettext system ?
    • Package with translatable strings builds a PO template during package build ?
    • End-user applications ship a desktop file ?
  6. Standards compliance:

  7. Dependencies:

    • ...
    • Are these all in main ?
  8. Background information:

    • The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain.
    • What do upstream call this software ? Has it had different names in the past ?

Reviewers

MIR bug: https://bugs.launchpad.net/BUGNUMBER

The author of this report should put their name here; reviewers will add comments etc. too * Contributor: Arnout 'raboof' Engelen

MainInclusionReportJACK (last edited 2010-03-16 12:37:56 by 189)