Main inclusion report for libnotify

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/libn/libnotify, compiled on all arches.

2. Rationale: Proposed build dependency of gnome-power and gnome-volume-manager, will probably be used more in Gnome.

3. Security:

• No CANs.
• No Secunia record.
• Very young package, so no security history yet; however, it is relatively uncritical.

• audited notify.c:

  • found potential integer/buffer overflow in icon frame handling, but that is usually controlled by the application. MartinPitt patched it and sent it to upstream.

  • shallow dbus interface, no other obvious flaws

• audited notify-send.c: no problems found

4. QA:

• Installation:

  • libnotify0, libnotify-dev: only a library, no end user tool.

  • libnotify-bin: single binary notify-send which works out of the box on i386 and amd64, but hangs on powerpc.

• Bugs: package not in Debian, no upstream bugs.

5. Standards compliance:

• Standard cdbs packaging.

• FHS met.
• Debian policy met.

6. Dependencies:

• notification-daemon

Reviewers

MartinPitt: approved; notify-send hang on ppc is not critical and will be fixed soon