MainInclusionReportOcfs2Tools

Main inclusion report for ocfs2-tools

Author: Martin Pitt

Requirements

1. Availability: Ubuntu universe, compiled on all arches.

2. Rationale: In the server world there is great demand for integrated, out-of-the-box clustering solutions. It is less interesting for desktop users.

3. Security:

  • No CANs.
  • No Secunia record.
  • The package is very young and not even stable, so there is no real security history.
  • The client binaries are run by root with root privileges, so there is no privilege escalation potential in them.
  • I am not aware of any security review of the code.
  • The daemon runs in kernel space and is not shipped in this package; however, it cannot actually be used without these tools, so if this package is in main, we automatically support the daemon, too.
  • Since it is necessary to have open ports for the daemon, any bug can potentially lead to remote root privilege escalation.

4. QA:

  • Installation: appropriately easy, nice GUI in ocfs2monitor

  • Bugs:
    • package not present in Debian
    • no bugs in Malone so far
    • upstream bugzilla has a lot of critical and major open issues

  • Maturity: upstream homepage classifies it as "very much a work in progress" and "BETA software. It should absolutely NOT be run on production systems. If you are looking to run OCFS on a production system, check out OCFS version 1". This makes it questionable whether we can support it appropriately. The stuff has a high potential to mess up your file system and break our box all over the place.

  • Hardware interaction: needs a couple of connected hosts, nothing special in that area.

5. Standards compliance:

  • Standard debhelper packaging.

  • FHS met.
  • Debian package and library policy met.

Reviewers

MartinPitt: It is not apparently frightening security-wise, but QA supportability is highly questionable. If there is a stable release soon and we get dedicated upstream support for this (JeffWaugh and MarkShuttleworth are negotiating), then I accept it. If not, I'm reluctant. My proposal is to wait with main inclusion until the above two conditions are met.


MainInclusionReportOcfs2Tools (last edited 2008-08-06 16:24:08 by localhost)