Main Inclusion Report for nvclock


  1. Availability:; available for all archs, although hardware-specific and only relevant for systems with nVidia chipsets

  2. Rationale:

    • provides a version of the smartdimmer software, currently in main, which supports a wider range of hardware

    • the smartdimmer package is Ubuntu-specific; the nvclock package is present in Debian, so is actively maintained, unlike the smartdimmer package which has not been uploaded since 2007.

  3. Security:

    • CVE entries: CVE-2007-3531, temporary file symlink attack

    • Secunia history: none

    • no suid binaries and no daemons; however, the smartdimmer command will be invoked by hal in response to hotkey events, so it must be guarded against certain kinds of security vulnerabilities (e.g., symlink attacks)
    • Network activity: none
    • Does not process user data
    • No source code review has been done
  4. Quality assurance:

    • Package should work out-of-the-box with no configuration on all supported hardware.
    • Package asks no debconf questions.
    • Debian bugs: One severity: important bug in the nvclock-gtk binary package, which is not needed in main

    • Maintenance in Debian is calm

    • Upstream is calm

    • No upstream bug tracker.
    • Hardware: package is specific to nvidia video hardware. This presents some challenges for maintenance because of the difficulty of regression-testing.
    • No upstream test suite (probably not meaningful to have one)
  5. UI standards:

    • No user-visible strings in the default usage. The commandline tools are not localized.
    • A desktop file is provided for the nvclock front-ends in the source package, but this is not shipped in the binary packages. The binary packages in question (nvclock-gtk and nvclock-qt) are not needed in main and should not be seeded.

  6. Standards compliance:

    • FHS, Debian Policy compliance: yes

    • Packaging system: debhelper. Patch system: dpatch.
  7. Dependencies:

    • libqt3-mt-dev
    • libgtk2.0-dev
    • libglib2.0-dev
  8. Maintenance:

    • Package is not expected to require significant ongoing maintenance.
    • The package will not be actively monitored by Ubuntu developers, and we will rely primarily on the Debian maintainer to provide bugfixes. The addition of the smartdimmer binary package represents a delta from Debian, but this is not a notable regression since the smartdimmer package we currently have in main is effectively abandonware.


MIR bug:


MainInclusionReportNvclock (last edited 2009-03-24 21:44:18 by minbar)