Main Inclusion Report for libproxool-java

Requirements

1. Availability: http://archive.ubuntu.com/ubuntu/pool/universe/libp/libproxool-java; available for all supported architectures.

2. Rationale:

   • Runtime dependency of eucalyptus 1.6.2, replaces c3p0 which is more unstable.
   • Build-time dependency of eucalyptus-commons-ext 0.5.0

3. Security:

   • CVE entries: none

   • Secunia history: none

   • No binaries running as root or suid/sgid, no daemons.
   • Network activity: proxool doesn't open any ports by itself. It is a Java connection pool, so it handles connections opened by other code.
   • No direct binary processing.
   • No source code review performed.

4. Quality assurance:

   • Package is a Java library, works out of the box without configuration.
   • No debconf questions higher than priority 'medium'.

   • Debian bugs: none

   • Maintenance in Debian is vigorous.

   • Upstream is calm, though alive.

   • Upstream bug tracker: nothing outstanding.

   • Hardware: This package doesn't deal with hardware, runs inside a JVM.
   • There is a test suite in the upstream source, though the Debian packaging rewrites the build system completely, so it's a non-trivial effort to try to enable it.

5. Standards compliance:

   • Package follows FHS, Debian Policy, and Java Debian and Ubuntu policies.

   • Package is using classic CDBS/ant packaging, as most Java libraries.

6. Dependencies:

   • Only build-dependency not in main right now is libavalon-framework-java, MIR follows.

7. Maintenance:

   • Little maintenance is expected: this package has no bugs filed and is maintained by the debian-java team.
   • The debian-java team, with its few Ubuntu members, is responsible for monitoring the quality of this package and fixing its bugs.

8. Background information:

   • Package purpose is clear from its description.
   • Upstream calls this software "Proxool"

Reviewers

MIR bug: https://launchpad.net/bugs/497390