cloudprint needs security review to use it as implementation sample for gnome-settings-daemon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloudprint (Ubuntu) |
Confirmed
|
Medium
|
Unassigned |
Bug Description
On the UDS P we decided to integrate Google Cloud Print in Ubuntu Precise by making it easy to share out the local printers to the Google cloud. For the user daemon to do this we decided on the lightweight cloudprint (and not on the Google Chrome browser). Therefore cloudprint needs to get into Main.
See the Blueprint:
https:/
The package is currently available in Ubuntu Universe.
No security vulnerabilities are known on CVE and Secunia.
The package does not have any GUI, it is pure command line. So it needs neither translations nor .desktop files. The use of the command line interface is described in a man page. The package is a user daemon and so it needs user interaction only for setup, after that it is simply running in the background. GUI for setup is planned to be added to GNOME Control Center, see bug 888981.
Packaging and package installation is straightforward. debconf is not used. The packaging fulfills all Debian/Ubuntu packaging standards, including a comment-only debian/watch file.
All dependencies are in Main already.
No major bugs are known. The package survived also well a stress testing on a machine with ~100 print queues.
No special hardware is required, any printer (including virtual cups-pdf printer) is exported into the cloud by any kind of machine connected to the internet.
The package is maintained upstream. The upstream author has accepted my patches which have fixed important bugs.
Changed in cloudprint (Ubuntu): | |
importance: | Undecided → Medium |
Changed in cloudprint (Ubuntu): | |
assignee: | Jamie Strandboge (jdstrand) → nobody |
I'd appreciate a thorough review from the security team for this. This is the kind of package which exposes user data, credentials, open ports, and local hardware to the network, and thus should be scrutinized before we let it into main and the default installation.