
Main Inclusion Report for ltspfs

Requirements

  1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/l/ltspfs, available for all supported architectures

  2. Rationale: Needed for LTSP localdevice support

  3. Security:

    • No CVE entries.

    • No Secunia history.

    • No binaries running as root or suid/sgid.
    • Does open any port (client binary for ltspfsd).
    • Source code review:
      • ltspfs.c: potential buffer overflow and arbitrary code execution via sprintf and popen (unchecked $DISPLAY); needs discussion about invocation and privilege boundaries

      • UPDATE: this just got fixed
  4. Quality assurance:

    • Package works out of the box without configuration.
    • Package does not ask any debconf questions higher than priority 'normal'.
    • Not in Debian yet (the LTSP people expressed interest in getting it in, though).
    • Active CVS only (see the text; upstream will move to LP once it's in main).

    • No critical bugs in upstream bug tracker (upstream will move to LP)

    • Does not deal with exotic hardware which we cannot support.
  5. Standards compliance:

    • Meets the FHS, Debian Policy

    • Standard debhelper packaging, no patch system, no libs.
  6. Dependencies:

    • All in main.

Reviewers

MartinPitt: approved

MainInclusionReportLtspfs (last edited 2008-08-06 16:22:39 by localhost)