Main Inclusion Report for sourcepackage

Libtommath was used as embedded code for clamav, but in the new version 0.95 is used as a dependency.

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/libt/libtommath/; available for all supported architectures.

2. Rationale:

   • Build dependency of clamav

3. Security:

   • CVE entries: ...

   • Secunia history: ...

   • Any binaries running as root or suid/sgid ? Any daemons ? No
   • Network activity: does it open any port ? Does it handle incoming network data ? No
   • Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? No
   • Any source code review performed ? (The approver will do a quick and shallow check.) No, it's already in main as embedded code.

4. Quality assurance:

   • In what situations does the package not work out of the box without configuration ? All
   • Does the package ask any debconf questions higher than priority 'medium' ? No

   • Debian bugs: (mention any that are particularly relevant, and any showstoppers)

   • Maintenance in Debian is calm ?

   • Upstream is calm ?

   • Upstream bug tracker: (mention any particularly relevant or critical)

   • Hardware: Does this package deal with hardware and if so how exotic is it ? No
   • Is there a test suite in the upstream source or packaging ? Is it enabled to run in the build ?

5. UI standards:

   • User-visible strings are internationalized using standard gettext system ?
   • Package with translatable strings builds a PO template during package build ?
   • End-user applications ship a desktop file ?

6. Standards compliance:

   • FHS, Debian Policy compliance ? Yes

   • Debian library packaging guide standards compliance ? Yes

   • Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ? Packaged using debhelper. No changes to the source.

7. Dependencies:

   • debhelper
   • libtool
   • texlive-latex-recommended
   • libtiff-tools
   • ghostscript
   • Are these all in main ? All except libtiff-tools. It was in Main through Hardy and would need to be repromoted.

8. Maintenance:

   • How much maintenance is this package likely to need ? (Simple packages may largely take care of themselves; complex packages will need dedicated developers paying attention to them.) Is a simple package wihtout needed much attention
   • Who is responsible for monitoring the quality of this package and fixing its bugs ? Are they Ubuntu or Debian developers ? Debian developers

9. Background information:

   • The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain.
   • What do upstream call this software ? Has it had different names in the past ? Libtom Math

10. Internationalization:

    • Are graphical applications translatable? Do they support gettext? it doesn't have GUI

Reviewers

MIR bug: https://bugs.launchpad.net/ubuntu/+source/libtommath/+bug/350069

Authors: nxvl and ScottK