Main Inclusion Report for Nvu

1. Availability: Currently FTFBS due to X issues. The package is available in ubuntu universe

2. Rationale: The package is required for the Edubuntu desktop

3. Security:

   • Contains and uses old and vulnerable Mozilla code copy #306822; ideally it would build-dep on mozilla-firefox-dev, if that is really not possible, then mozilla-dev.

   • debs contain ./usr/lib/nvu-1.0PR/libnspr4.so, must be changed to link against libnspr4 package

4. Quality assurance:

   • Needs no setup after install

   • 1 HIG bug in Ubuntu

   • 1 policy and a number of less important bugs in Debbugs.

   • There is a new upstream version (1.0) not yet in Debian. We might want to pull this in.

5. Standards compliance:

   • Meets FHS and Debian Policy.
   • Due to the included Mozilla copy, the tarball is huge, it should be repacked.

6. Dependencies:

   • all in main

Reviewers

MartinPitt: security issues need to be solved before approval; Update: nvu does not build with mozilla-dev, with the 1.7.11 sources, nor with Mozilla CVS HEAD sources, so this is hopeless. Rejected.