Main Inclusion Report for libvncserver-dev

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/libv/libvncserver, available for all supported architectures.

2. Rationale:

   • Build dependency of xen-3.0.
   • Promote the header files to main.

3. Security:

   • 1 CVE entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2450 (the VNC auth type none bug)

   • No binaries running as root or suid/gid.
   • Does not open any port.
   • We have not performed a source code review. However this is a reasonably well-known piece of software.

4. Qualitiy Assurance:

   • Package works out of the box (to build against).
   • Package does not ask debconf questions higher than priority 'medium'

   • No showstopper debian bugs; some of the other binary packages have bugs but at this time we only propose to promote the source and the one binary libvncserver-dev.

   • Active maintenance in debian and some upstream activity too.

   • Does not deal hardware at all.

   • Worst problem is that it provides static libraries only so in case of problems all dependent packages must be recompiled. At this time the only dependent package in main is xen-3.0.

5. Standards compilance

   • Meets FHS and Debian Policy.
   • Ordinary debhelper-based debian/rules

Reviewers

Report improved a bit and then approved by Ian Jackson.