MainInclusionReportSshFs

Differences between revisions 1 and 12 (spanning 11 versions)
Revision 1 as of 2008-08-04 10:53:08
Size: 3011
Editor: p5098ed03
Comment: initial submission
Revision 12 as of 2008-08-06 16:27:08
Size: 3066
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
= Main Inclusion Report for sshfs = = Main Inclusion Report for sshfs-fuse =
Line 5: Line 5:
 0. ''Availability:'' [http://archive.ubuntu.com/ubuntu/pool/universe/s/sshfs]; is available for all supported architectures ?  0. ''Availability:'' [[http://archive.ubuntu.com/ubuntu/pool/universe/s/sshfs-fuse]]; is available for all supported architectures
Line 7: Line 7:
  * With the support for local applications on thin clients in LTSP a way was needed to make the ltsp login manager (LDM) mount the homedir of the logged in user on the client. Since LDM uses ssh to connect to the server and already puts an ssh communication socket in place, the natural choice was to re-use this socket to establish an sshfs mount. To provide the localapps functionality out of the box as planned the ltsp-client package will have to depend on sshfs which means sshfs has to move to main and onto the Ubuntu alternate CD.
  *
  * With the support for local applications on thin clients in LTSP a way was needed to make the ltsp login manager (LDM) mount the homedir of the logged in user on the client. Since LDM uses ssh to connect to the server and already puts an ssh communication socket in place, the natural choice was to re-use this socket to establish an sshfs mount. To provide the localapps functionality out of the box as planned the ltsp-client package will have to depend on sshfs which means sshfs-fuse has to move to main and onto the Ubuntu alternate CD.
Line 10: Line 10:
  * [http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sshfs CVE entries]: ...
  * [http://secunia.com/search/?search=sshfs Secunia history]: ...
  * No [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sshfs-fuse|CVE entries]]
  * No [[http://secunia.com/search/?search=sshfs-fuse|Secunia history]]
Line 14: Line 14:
  * Sshfs does not process binary (video, audio, etc) or structured (PDF, etc) data ?
  * Any source code review performed ? (The approver will do a quick and shallow check.)
  * Sshfs does not process binary (video, audio, etc) or structured (PDF, etc) data
  * A sourcecode review was performed (the source actually consists only of three .c files), given that sshfs upstream is identical to fuse upstream no unexpected oddness was found.
Line 17: Line 17:
  * In what situations does the package not work out of the box without configuration ?
  * Does the package ask any debconf questions higher than priority 'medium' ?
  * [http://bugs.debian.org/src:SOURCE_PACKAGE_NAME Debian bugs]: (mention any that are particularly relevant, and any showstoppers)
  * [http://packages.qa.debian.org/S/SOURCE_PACKAGE_NAME.html Maintenance in Debian] is frenetic/vigorous/calm/dead ?
  * [http:// Upstream] is frenetic/vigorous/calm/dead ?
  * [http:// Upstream bug tracker]: (mention any particularly relevant or critical)
  * Hardware: Does this package deal with hardware and if so how exotic is it ?
  * Is there a test suite in the upstream source or packaging ? Is it enabled to run in the build ?
  * In Ubuntu the package will always work out of the box without configuration (unlike debian where you ave to tinker with fuse setup first).
  * The package does not ask any debconf questions.
  * [[http://bugs.debian.org/src:sshfs-fuse|Debian bugs]]: one tagged "important" on powerpc that is rather fuse related, 8 outstanding bugs
  * [[http://packages.qa.debian.org/s/sshfs-fuse.html|Maintenance in Debian]] is moderate.
  * [[http://fuse.sourceforge.net/sshfs.html|Upstream]] is calm.
  * [[http://sourceforge.net/mailarchive/forum.php?forum_name=fuse-sshfs|Upstream Tracks bugs via mailinglist]]: So there is no easy way to judge severity of bugs.
  * Hardware: The package does not deal with any specific hardware.
  * There is no test suite in the upstream code, a simple test would be to do: sshfs user@host:/<dir> /<mountpoint>
Line 26: Line 26:
  * [http://www.pathname.com/fhs/ FHS], [http://www.de.debian.org/doc/debian-policy/ Debian Policy] compliance ?
  * [http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html Debian library packaging guide] standards compliance ?
  * Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ?
  * It is [[http://www.pathname.com/fhs/|FHS]] and [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliant.
  * It does not provide any libraries.
  * The Package uses debhelper as packaging system, it provides no additional patch system.
Line 30: Line 30:
  * ...
  * Are these all in main ?
  * fuse, libglib
  * All of these are in main (and on the CD already)
Line 33: Line 33:
  * The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain.
  * What do upstream call this software ?  Has it had different names in the past ?
  * The general purpose and context of the package is clear and straightforward from the package description.
  * Upstream calls this software sshfs-fuse since the beginning.
Line 38: Line 38:
MIR bug: [https://launchpad.net/bugs/BUGNUMBER] MIR bug: [[https://launchpad.net/bugs/BUGNUMBER]]
Line 40: Line 40:
''The author of this report should put their name here; reviewers will add comments etc. too'' ''Author: OliverGrawert''

Main Inclusion Report for sshfs-fuse

Requirements

  1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/s/sshfs-fuse; is available for all supported architectures

  2. Rationale:

    • With the support for local applications on thin clients in LTSP a way was needed to make the ltsp login manager (LDM) mount the homedir of the logged in user on the client. Since LDM uses ssh to connect to the server and already puts an ssh communication socket in place, the natural choice was to re-use this socket to establish an sshfs mount. To provide the localapps functionality out of the box as planned the ltsp-client package will have to depend on sshfs which means sshfs-fuse has to move to main and onto the Ubuntu alternate CD.
  3. Security:

    • No CVE entries

    • No Secunia history

    • No binaries are running as root or suid/sgid, sshfs wraps around the fuse filesystem and sftp.
    • Network activity: sshfs establishes a fuse network mount on top of a ssh connection. It is a client application, does not run any daemons and operates on the ssh standard ports.
    • Sshfs does not process binary (video, audio, etc) or structured (PDF, etc) data
    • A sourcecode review was performed (the source actually consists only of three .c files), given that sshfs upstream is identical to fuse upstream no unexpected oddness was found.
  4. Quality assurance:

    • In Ubuntu the package will always work out of the box without configuration (unlike debian where you ave to tinker with fuse setup first).
    • The package does not ask any debconf questions.
    • Debian bugs: one tagged "important" on powerpc that is rather fuse related, 8 outstanding bugs

    • Maintenance in Debian is moderate.

    • Upstream is calm.

    • Upstream Tracks bugs via mailinglist: So there is no easy way to judge severity of bugs.

    • Hardware: The package does not deal with any specific hardware.
    • There is no test suite in the upstream code, a simple test would be to do: sshfs user@host:/<dir> /<mountpoint>

  5. Standards compliance:

    • It is FHS and Debian Policy compliant.

    • It does not provide any libraries.
    • The Package uses debhelper as packaging system, it provides no additional patch system.
  6. Dependencies:

    • fuse, libglib
    • All of these are in main (and on the CD already)
  7. Background information:

    • The general purpose and context of the package is clear and straightforward from the package description.
    • Upstream calls this software sshfs-fuse since the beginning.

Reviewers

MIR bug: https://launchpad.net/bugs/BUGNUMBER

Author: OliverGrawert

MainInclusionReportSshFs (last edited 2008-08-06 16:27:08 by localhost)