= Main Inclusion Report for libcommons-dbcp-java =

== Requirements ==

 0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/libc/libcommons-dbcp-java]]; available for all supported architectures.
 0. ''Rationale:''
  * The ''Apache Commons'' Java libraries are basic library blocks used in lots of Java software.
  * The DBCP component is a runtime dependency of tomcat6 (see MainInclusionReportTomcat6).
 0. ''Security:''
  * [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=commons-dbcp|CVE entries]]: none
  * [[http://secunia.com/search/?search=commons-dbcp|Secunia history]]: empty
  * No binaries running as root; this package just provides Java libraries.
  * Network activity: commons-dbcp does not open any port or handle incoming network data in itself.
  * It does not directly process binary or structured data.
  * No source code review. Fortify scanned it as part of its [[https://opensource.fortify.com/teamserver/welcome.fhtml|Java Open Review project]] and they found it to be defect-free.
 0. ''Quality assurance:''
  * The package is known to work out of the box without configuration.
  * It does not ask any debconf questions higher than priority 'medium'.
  * [[http://bugs.debian.org/src:libcommons-dbcp-java|Debian bugs]]: none.
  * [[http://packages.qa.debian.org/libc/libcommons-dbcp-java.html|Maintenance in Debian]] is calm.
  * [[http://commons.apache.org/dbcp/|Upstream]] is calm (last release in April 2007).
  * [[http://issues.apache.org/jira/browse/DBCP|Upstream bug tracker]]: no critical bugs.
  * Hardware: the package does not deal with hardware.
  * There is a junit test suite in the upstream source, but it is not enabled in the Debian build.
 0. ''Standards compliance:''
  * [[http://www.pathname.com/fhs/|FHS]] compliant, [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliant (in particular the [[http://www.debian.org/doc/packaging-manuals/java-policy/x105.html|Java library]] subpolicy).
  * Packaging system is CDBS, no patches.
 0. ''Dependencies:''
  * Build dependencies: debhelper, cdbs, junit, ant and java-gcj-compat-dev are all in main. MIRs for libcommons-pool-java (MainInclusionReportCommonsPool) and libcommons-collections-java (MainInclusionReportLibCommonsCollectionsJava) have been filed.
  * Runtime dependencies: depends on libcommons-pool-java and libcommons-collections-java (see MIR links above).
 0. ''Background information:''
  * General purpose and context of the package is clear from the package's debian/control file.
  * Upstream calls this software the Apache Commons DBCP component.

== Reviewers ==

MIR bug: [[https://launchpad.net/bugs/260386]]

ThierryCarrez