MainInclusionReportPkcs11Helper
Differences between revisions 1 and 8 (spanning 7 versions)
|
Size: 3145
Comment: initial creation, dupe of template
|
← Revision 8 as of 2008-08-06 16:26:42 ⇥
Size: 3431
Comment: converted to 1.6 markup
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 2: | Line 2: |
'''Note''': when writing a report this template should be vigorously edited; as a rule of thumb, every individual point should be replaced with a description of the actual situation in the package in question. The purpose of the report is to convey information to the reviewer, so there is no problem with varying the text in the bullet items, or with adding additional information. Please be informative, and in particular be thorough in investigating and explaining any weaknesses and problems with the package. The purpose of the report is to show to the reviewer that the package has been properly investigated, and to give the reviewer the information from that investigation, for their decision. |
|
| Line 9: | Line 5: |
| 0. ''Availability:'' [http://archive.ubuntu.com/ubuntu/pool/universe/s/sourcepackage]; available for all supported architectures or some subset ? | 0. ''Availability:'' * source: [[http://archive.ubuntu.com/ubuntu/pool/universe/p/pkcs11-helper/]] * binary packages: libpkcs11-helper1, libpkcs11-helper1-dev * available for i386 and amd64 |
| Line 11: | Line 10: |
| * Build dependency of ... * |
* Build dependency of ecryptfs-utils (MainInclusionReportEcryptfsUtils) * Build dependency of openvpn. Allows openvpn to be used with smartcards. |
| Line 14: | Line 13: |
| * [http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PRODUCT_NAME CVE entries]: ... * [http://secunia.com/search/?search=PRODUCT_NAME Secunia history]: ... * Any binaries running as root or suid/sgid ? Any daemons ? * Network activity: does it open any port ? Does it handle incoming network data ? * Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? * Any source code review performed ? (The approver will do a quick and shallow check.) |
* [[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pkcs11|cve entries]] * [[http://secunia.com/search/?search=pkcs11|Secunia history]]: ... * Any binaries running as root or suid/sgid? '''no''', this is a library * Any daemons? '''no''', this is a library * Network activity: does it open any port ? '''no''' * Does it handle incoming network data ? '''no''' * Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? '''no''' * Any source code review performed ? '''no''' |
| Line 21: | Line 22: |
| * In what situations does the package not work out of the box without configuration ? * Does the package ask any debconf questions higher than priority 'medium' ? * [http://bugs.debian.org/src:SOURCE_PACKAGE_NAME Debian bugs]: (mention any that are particularly relevant, and any showstoppers) * [http://packages.qa.debian.org/S/SOURCE_PACKAGE_NAME.html Maintenance in Debian] is frenetic/vigorous/calm/dead ? * [http:// Upstream] is frenetic/vigorous/calm/dead ? * [http:// Upstream bug tracker]: (mention any particularly relevant or critical) * Hardware: Does this package deal with hardware and if so how exotic is it ? * Is there a test suite in the upstream source or packaging ? Is it enabled to run in the build ? |
* In what situations does the package not work out of the box without configuration ? '''none''' * Does the package ask any debconf questions higher than priority 'medium' ? '''no''' * [[http://bugs.debian.org/src:pkcs11-helper|Debian bugs]]: '''none''' * [[http://packages.qa.debian.org/p/pkcs11-helper.html|Debian activity]] is '''calm''' ? * [[http://www.opensc-project.org/pkcs11-helper/|Upstream activity]] is '''calm''' ? * [[http://www.opensc-project.org/pkcs11-helper/report|Upstream bug tracker]]: '''none''' * Hardware: Does this package deal with hardware and if so how exotic is it ? '''no''' * Is there a test suite in the upstream source or packaging ? '''yes''' Is it enabled to run in the build ? |
| Line 30: | Line 31: |
| * [http://www.pathname.com/fhs/ FHS], [http://www.de.debian.org/doc/debian-policy/ Debian Policy] compliance ? * [http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html Debian library packaging guide] standards compliance ? * Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ? |
* [[http://www.pathname.com/fhs/|FHS]], [[http://www.de.debian.org/doc/debian-policy/|Debian Policy]] compliance ? '''yes''' * [[http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html|Debian library packaging guide]] standards compliance ? * Packaging system (debhelper/cdbs/dbs) ? '''cdbs''' * Patch system ? '''no patches against upstream''' * Any packaging oddities ? '''no''' |
| Line 34: | Line 37: |
| * ... * Are these all in main ? 0. ''Background information:'' * The general purpose and context of the package should be clear from the package's debian/control file. If it isn't then please explain. * What do upstream call this software ? Has it had different names in the past ? |
* Build-Depends: cdbs (>= 0.4.27-1), debhelper (>= 5), autotools-dev, libssl-dev, pkg-config, doxygen * Depends: libpkcs11-helper1 (= ${binary:Version}), libssl-dev * Are these all in main ? '''yes''' 0. ''Background information:'' Control file says: * Description: library that simplifies the interaction with PKCS#11 libpkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. libpkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating available token certificates, or selecting a certificate directly by serialized id, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration and much more all using a simple API. libpkcs11-helper is not designed to manage card content, since object attributes are usually vendor specific, and 99% of application need to access existing objects in order to perform signature and decryption. * What do upstream call this software ? '''pkcs11-helper''' Has it had different names in the past ? '''no''' |
| Line 42: | Line 46: |
| MIR bug: [https://bugs.launchpad.net/BUGNUMBER] | MIR bug: Bug:247336 |
| Line 44: | Line 48: |
| ''The author of this report should put their name here; reviewers will add comments etc. too'' | * DustinKirkland * ChuckShort |
Main Inclusion Report for pkcs11-helper
Requirements
Availability:
source: http://archive.ubuntu.com/ubuntu/pool/universe/p/pkcs11-helper/
- binary packages: libpkcs11-helper1, libpkcs11-helper1-dev
- available for i386 and amd64
Rationale:
Build dependency of ecryptfs-utils (MainInclusionReportEcryptfsUtils)
- Build dependency of openvpn. Allows openvpn to be used with smartcards.
Security:
Secunia history: ...
Any binaries running as root or suid/sgid? no, this is a library
Any daemons? no, this is a library
Network activity: does it open any port ? no
Does it handle incoming network data ? no
Does it directly (not through a library) process binary (video, audio, etc) or structured (PDF, etc) data ? no
Any source code review performed ? no
Quality assurance:
In what situations does the package not work out of the box without configuration ? none
Does the package ask any debconf questions higher than priority 'medium' ? no
Debian bugs: none
Debian activity is calm ?
Upstream activity is calm ?
Upstream bug tracker: none
Hardware: Does this package deal with hardware and if so how exotic is it ? no
Is there a test suite in the upstream source or packaging ? yes Is it enabled to run in the build ?
Standards compliance:
FHS, Debian Policy compliance ? yes
Debian library packaging guide standards compliance ?
Packaging system (debhelper/cdbs/dbs) ? cdbs
Patch system ? no patches against upstream
Any packaging oddities ? no
Dependencies:
Build-Depends: cdbs (>= 0.4.27-1), debhelper (>= 5), autotools-dev, libssl-dev, pkg-config, doxygen
- Depends: libpkcs11-helper1 (= ${binary:Version}), libssl-dev
Are these all in main ? yes
Background information: Control file says:
- Description: library that simplifies the interaction with PKCS#11 libpkcs11-helper is a library that simplifies the interaction with PKCS#11 providers for end-user applications. libpkcs11-helper allows using multiple PKCS#11 providers at the same time, enumerating available token certificates, or selecting a certificate directly by serialized id, handling card removal and card insert events, handling card re-insert to a different slot, supporting session expiration and much more all using a simple API. libpkcs11-helper is not designed to manage card content, since object attributes are usually vendor specific, and 99% of application need to access existing objects in order to perform signature and decryption.
What do upstream call this software ? pkcs11-helper Has it had different names in the past ? no
Reviewers
MIR bug: 247336
MainInclusionReportPkcs11Helper (last edited 2008-08-06 16:26:42 by localhost)