Main Inclusion Report for sourcepackage

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/o/openvpn; available for all supported architectures.

2. Rationale:

   • https://wiki.ubuntu.com/ServerPackageReview

3. Security:

   • CVE entries: Few entries, none affects the version in hardy.

   • Secunia history: same as cve.

   • Any binaries running as root or suid/sgid ? Any daemons ?
     • It involves daemons on both client and server, no suid/sgid.
   • Network activity: does it open any port ? Does it handle incoming network data ?
     • Yes it opens a configurable port. Yes it handles network incoming data.
   • Any source code review performed ? (The approver will do a quick and shallow check.)
     • no

4. Quality assurance:

   • In what situations does the package not work out of the box without configuration ?
     • Given the very specific nature of the package, it needs to be configured properly before it can be of any use.
   • Does the package ask any debconf questions higher than priority 'medium' ?
     • Yes, some scripts will require review. For example "db_input medium openvpn/create_tun" does not apply to Ubuntu as we use udev.

   • Debian bugs: Several bugs that need to be addressed.

   • Maintenance in Debian is very calm

   • Upstream is vigorous

   • Hardware: Does this package deal with hardware and if so how exotic is it ?
     • no

5. Standards compliance:

   • FHS, Debian Policy compliance:

     • Yes the package looks compliante.

   • Debian library packaging guide standards compliance ?

     • no libraries
   • Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ?
     • debhelper, no patch system, no odditied.

6. Dependencies:

   • All B-D and Depends are in main. Nothing fancy.

Reviewers

MIR bug: https://bugs.launchpad.net/bugs/183698

The author of this report should put their name here; reviewers will add comments etc. too

FabioMassimoDiNitto