[MIR] net-cpp

I reviewed net-cpp 0.0.1+14.10.20140611-0ubuntu1 as checked into utopic.
net-cpp is a library interface to provide a REST-ful wrapper around
libcurl for C++ progams.

Compiling net-cpp required libjsoncpp-dev from universe.

- Build deps: cmake, debhelper (>= 9), doxygen, google-mock, graphviz,
  libboost-dev, libboost-serialization-dev, libboost-system-dev, libcurl3,
  libcurl4-openssl-dev, libjsoncpp-dev, libprocess-cpp-dev, pkg-config,
  python-decorator, python-flask, python-flask-script, python-simplejson,
- Embedded httpbin tarball
- Provides a library interface to curl
- No daemons
- No listening sockets
- Does not itself run as a system user
- No post,pre inst,rm
- No initscripts
- No dbus services
- No setuid
- No binaries
- No sudo fragments
- No udev rules
- Some tests are included and run during the build
- No cron jobs
- Fairly noisy logs mostly due to documentation generation

- No subprocesses spawned
- Memory manage looked sane
- Doesn't itself do file operations
- Logging functions looked sane
- No environment variables used
- No privileged functions used
- Does not itself use cryptography
- Properly requests curl hostname and certificate validation
- Does not itself do networking operations
- No portions of code are privileged
- No temporary files
- No webkit
- No javascript
- Clean cppcheck
- No polkit

Net-cpp is high-quality professional code. I only spotted one potential
problem, the occasional multiplication of size and nmemb variables, that
might lead to integer overflow issues. This feels unlikely to be a real
security threat but it would be nice to use an API that doesn't rely upon
the unchecked multiplication of these variables:

context.body.write(data, size * nmemb);
const char* end = begin + size*nmemb;

Security team ACK for promotion to main.

Thanks

From a packaging perspective, things are fine. I like the symbols file and the tests. But we need a team bug subscriber for which ever team will look after this in Ubuntu. Besides that, looks good.

I subscribed the Ubuntu phablet team under the subscription name "net-cpp-bugs".

Thomas, did you subscribe them to the Ubuntu bugs? Go to https://launchpad.net/ubuntu/+source/net-cpp and click "Subscribe to bug mail"

Done, thanks for the hint :)

Awesome, thanks! Approved.

Override component to main
net-cpp 0.0.1+14.10.20140611-0ubuntu1 in utopic: universe/libs -> main
libnet-cpp-dev 0.0.1+14.10.20140611-0ubuntu1 in utopic amd64: universe/libdevel/optional/100% -> main
libnet-cpp-dev 0.0.1+14.10.20140611-0ubuntu1 in utopic arm64: universe/libdevel/optional/100% -> main
libnet-cpp-dev 0.0.1+14.10.20140611-0ubuntu1 in utopic armhf: universe/libdevel/optional/100% -> main
libnet-cpp-dev 0.0.1+14.10.20140611-0ubuntu1 in utopic i386: universe/libdevel/optional/100% -> main
libnet-cpp-dev 0.0.1+14.10.20140611-0ubuntu1 in utopic ppc64el: universe/libdevel/optional/100% -> main
libnet-cpp-doc 0.0.1+14.10.20140611-0ubuntu1 in utopic amd64: universe/doc/optional/100% -> main
libnet-cpp-doc 0.0.1+14.10.20140611-0ubuntu1 in utopic arm64: universe/doc/optional/100% -> main
libnet-cpp-doc 0.0.1+14.10.20140611-0ubuntu1 in utopic armhf: universe/doc/optional/100% -> main
libnet-cpp-doc 0.0.1+14.10.20140611-0ubuntu1 in utopic i386: universe/doc/optional/100% -> main
libnet-cpp-doc 0.0.1+14.10.20140611-0ubuntu1 in utopic powerpc: universe/doc/optional/100% -> main
libnet-cpp-doc 0.0.1+14.10.20140611-0ubuntu1 in utopic ppc64el: universe/doc/optional/100% -> main
libnet-cpp0 0.0.1+14.10.20140611-0ubuntu1 in utopic amd64: universe/libs/optional/100% -> main
libnet-cpp0 0.0.1+14.10.20140611-0ubuntu1 in utopic arm64: universe/libs/optional/100% -> main
libnet-cpp0 0.0.1+14.10.20140611-0ubuntu1 in utopic armhf: universe/libs/optional/100% -> main
libnet-cpp0 0.0.1+14.10.20140611-0ubuntu1 in utopic i386: universe/libs/optional/100% -> main
libnet-cpp0 0.0.1+14.10.20140611-0ubuntu1 in utopic ppc64el: universe/libs/optional/100% -> main
17 publications overridden.

fyi, package was removed.