Quassel main inclusion report

Bug #317892 reported by Jonathan Riddell
Affects: quassel (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Alexander Sack (asac) wrote :

Assigning to ubuntu-security as according to MIR kees is supposed to do a code review (due to open port).

Changed in quassel:
assignee: nobody → ubuntu-security
status: New → Incomplete
Changed in quassel:
assignee: ubuntu-security → kees
status: Incomplete → In Progress
Kees Cook (kees) wrote :

2009-01-27 15:55:06 Warning: SslServer: Certificate file /home/kees/.config/quassel-irc.org/quasselCert.pem does not exist
2009-01-27 15:55:06 Warning: SslServer: Unable to set certificate file
           Quassel Core will still work, but cannot provide SSL for client connections.
           Please see http://quassel-irc.org/faq/cert to learn how to enable SSL support.
2009-01-27 15:55:06 Warning: SslServer: Certificate file /home/kees/.config/quassel-irc.org/quasselCert.pem does not exist

Since quassel is SSL-aware, it should Depend on ca-certificates and use those by default.

Scott Kitterman (kitterman) wrote : Re: [Bug 317892] Re: Quassel main inclusion report

Note that only affects the split client packages which we do not expect to
put in main.

Currently when we install the server (core) package we create a cert (which
obviously doesn't have a CA associated with it).

The default upstream behavior is no SSL unless you manually make a cert.
We thought it was better to automatically provide SSL with no CA cert than
nothing.

I'm open to suggestions on how to deal with this?

Kees Cook (kees) wrote :

Beyond that, I don't see anything that really stands out to me. String handling is done via C++, auto-response elements look right, sprintf-like things are done sanely, and the SQL all looks to be injection-safe. +1 from me on a quick overview audit.

Changed in quassel:
assignee: kees → nobody
Scott Kitterman (kitterman) wrote :

Note: Kees and I discussed via IRC that the SSL cert question is only relevant for quassel-client and quassel-core which we plan to leave in Universe.

Martin Pitt (pitti) wrote :

Promoted.

Changed in quassel:
status: In Progress → Fix Released