MainInclusionReportOcfs2Tools
Main inclusion report for ocfs2-tools
Author: Martin Pitt
Requirements
1. Availability: Ubuntu universe, compiled on all arches.
2. Rationale: In the server world there is a great demand for integrated and out of the box clustering solutions. It is less interesting for Desktop users.
3. Security:
- No CANs.
- No Secunia record.
- The package is very young and not even stable, so there is no real security history.
- The client binaries are run by root with root privileges, thus no privilege escalation potential in them.
- I am not aware of any security review of the code.
- Daemon runs in kernel space, and is not shipped in this package; however, it cannot actually be used without these tools, so if this package is in main, we automatically support the daemon, too.
- Since it is necessary to have open ports for the daemon, any bug can potentially lead to remote root privilege escalation.
4. QA:
Installation: appropriately easy, nice GUI in ocfs2monitor
- Bugs:
- package not present in Debian
- no bugs in Malone so far
upstream bugzilla has a lot of critical and major open issues
Maturity: upstream homepage classifies it as "very much a work in progress" and "BETA software. It should absolutely NOT be run on production systems. If you are looking to run OCFS on a production system, check out OCFS version 1". This makes it questionable whether we can support it appropriately. The stuff has a high potential to mess up your file system and break our box all over the place.
- Hardware interaction: needs a couple of connected hosts, nothing special in that area.
5. Standards compliance:
Standard debhelper packaging.
- FHS met.
- Debian package and library policy met.
Reviewers
MartinPitt: It is not apparently frightening security-wise, but QA supportability is highly questionable. If there is a stable release soon and we will get dedicated upstream support for this (JeffWaugh and MarkShuttleworth are negotiating), then I accept it. If not, I'm reluctant. My proposal is to wait with main inclusion until above two conditions are met.
MainInclusionReportOcfs2Tools (last edited 2008-08-06 16:24:08 by localhost)