Main Inclusion Report for libpdfrenderer-java

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/libp/libpdfrenderer-java/; architecture: all

2. Rationale:

   • Build dependency of libitext-java

3. Security:

   • CVE entries: none

   • Secunia history: no entries found

   • Package includes no suid binaries and no daemons, only a java library for use by applications
   • Network activity: library is not network-aware.
   • Binary or structured data: package parses PDF documents in order to render them.
   • No source code review has been done.

4. Quality assurance:

   • Package is believed to work out-of-the-box in all cases.
   • No debconf questions asked.

   • Debian bugs: no open bug reports.

   • Maintenance in Debian is calm

   • Upstream is calm

   • Upstream bug tracker: no major issues

   • Hardware: package is not hardware-sensitive
   • Upstream includes a test suite that doesn't appear to be used in the package build.

5. UI standards:

   • This package is used only as a build-dependency of other libraries and should not interact with users at any point.

6. Standards compliance:

   • FHS, Debian Policy: yes

   • Packaging system: cdbs
   • Patch system: none

7. Dependencies:

   • default-jre | java2-runtime

8. Maintenance:

   • Although there is some security risk because the package parses PDFs, ongoing maintenance burden is expected to be minimal since the package is also not actively used in main.
   • The package will not be actively monitored by Ubuntu developers, and will rely primarily on the Debian maintainer to provide bugfixes. The package is currently in sync with Debian.

9. Background information:

   • The software is named pdf-renderer upstream.

Reviewers

MIR bug: https://launchpad.net/bugs/358249

SteveLangasek