Main Inclusion Report for sourcepackage

Note: when writing a report this template should be vigorously edited; as a rule of thumb, every individual point should be replaced with a description of the actual situation in the package in question. The purpose of the report is to convey information to the reviewer, so there is no problem with varying the text in the bullet items, or with adding additional information.

Please be informative, and in particular be thorough in investigating and explaining any weaknesses and problems with the package. The purpose of the report is to show to the reviewer that the package has been properly investigated, and to give the reviewer the information from that investigation, for their decision.

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/k/kvm; Due to hardware requirements, kvm is only available on i386 and amd64.

2. Rationale: kvm is our chosen preferred virtualisation technology.

3. Security:

   • No CVE's or Secunia advisories found.
   • kvm requires access to a device node, which offers access to use the virtulisation features of modern CPU's. The author of this MIR is not familiar with any security issues in the past arising from giving access to unprivileged users to this device node. (It's worth noting that the kernel side of this is in the mainline kernel, so it's already in main anyway).
   • kvm can be configured to listen for VNC connections.
   • The author of this MIR is not aware of any formal code review.

4. Quality assurance:

   • Debian bugs: #458481 is already fixed in Ubuntu. #452963 likewise.

   • Maintenance in Debian is decent. Upstream makes very frequent releases and Debian follows these relatively closely.

   • Upstream is very active. Releases are usually no more than a week apart, and there's substantial commercial backing (Intel, IBM and Qumranet).

   • upstream bug tracker.

   • Hardware: Requires recent Intel or AMD processor to work really well. In the absence of hardware support, everything still works, but very slowly.

5. Standards compliance:

   • There are no known Debian Policy violations.
   • Uses fairly straightforward debhelper packaging. Only quirk is the kvm-source package (for module-assistant), but I always find that quirky, so YMMV.

6. Dependencies:

   • Build-Depends: autotools-dev, bcc, bzip2, debhelper (>= 5), gcc-3.4, iasl, libasound2-dev, libgnutls-dev, libsdl1.2-dev, nasm, pkg-config, quilt (>= 0.40), texi2html, uuid-dev, zlib1g-dev

   • Depends: ${shlibs:Depends}, ${misc:Depends}, iproute, bridge-utils, vgabios
   • Everything apart from iasl and vgabios is already in main.

7. Background information:

   • Ubuntu has chosen KVM as its preferred virtualisation technology.

Reviewers

MIR bug: https://bugs.launchpad.net/181274

MIR authored by: SorenHansen