Main Inclusion Report for ltspfsd

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/l/ltspfsd, available for all supported architectures

2. Rationale: Needed for LTSP localdevice support

3. Security:

   • No CVE entries.

   • No Secunia history.

   • No binaries running as root or suid/sgid.
   • Does open port 9220 on LTSP thin clients, does only accept Xauthenticated connections.
   • Source code review:

     • common.c: Replace sprintf/system with fork/execv (buffer overflow, shell code injection)

     • UPDATE: Just fixed locally.

4. Quality assurance:

   • Package works out of the box without configuration.
   • Package does not ask any debconf questions higher than priority 'normal'.
   • Not in debian yet (the ltsp people expressed interest to get it in though)

   • Active cvs only (see the text, upstream will move to LP/bzr).

   • No critical bugs in upstream bug tracker (upstream will move to malone)

   • Does not deal with exotic hardware which we cannot support.

5. Standards compliance:

   • Meets the FHS, Debian Policy

   • Standard debhelper packaging, no patch system, no libs.

6. Dependencies:

   • All in main.

Reviewers

MartinPitt: approved