= Main Inclusion Report for ltspfsd =

== Requirements ==

 0. ''Availability:'' http://archive.ubuntu.com/ubuntu/pool/universe/l/ltspfsd, available for all supported architectures
 0. ''Rationale:'' Needed for LTSP localdevice support
 0. ''Security:''
  * No [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ltspfsd|CVE entries]].
  * No [[http://secunia.com/search/?search=ltspfsd|Secunia history]].
  * No binaries running as root or suid/sgid.
  * Does open port 9220 on LTSP thin clients, does only accept Xauthenticated connections.
  * Source code review:
   * `common.c`: Replace `sprintf`/`system` with `fork`/`execv` (buffer overflow, shell code injection)
   * UPDATE: Just fixed locally.
 0. ''Quality assurance:''
  * Package works out of the box without configuration.
  * Package does not ask any debconf questions higher than priority 'normal'.
  * Not in debian yet (the ltsp people expressed interest to get it in though)
  * Active [[http://wiki.ltsp.org/twiki/bin/view/Ltsp/LtspFS#Installing_ltspfsd_on_your_termi|cvs]] only (see the text, upstream will move to LP/bzr).
  * No critical bugs in [[https://bugs.freedesktop.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=&content=ltspfsd|upstream bug tracker]] (upstream will move to malone)
  * Does not deal with exotic hardware which we cannot support.
 0. ''Standards compliance:'' 
  * Meets the [[http://www.pathname.com/fhs/|FHS]], [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]]
  * Standard debhelper packaging, no patch system, no libs.
 0. ''Dependencies:''
  * All in main.

== Reviewers ==
MartinPitt: approved