© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
[Duplication]
There is no equivalent functionality in main.
Some of its crypto functionality referred to be simlar to libnss3 but that is no duplication either as it implements it by using libnss3 just providing a different level of abstraction and integration into the other kronosnet features.
This source also contains libnozzle* binary packages which are not pulled in by corosync.
MIR review is on source scope, but I'd nack that part of it and recommend to not pull it in.
It is described as:
This is an over-engineered commodity library to manage a pool of tap devices and provides the basic pre-up.
I think we have enough fun with pre/post hooks in the systemd-networkd world already.
Not a nack for nozzle, but a request to think twice then.
Looking at references it might be added by corosync down the road:
https:/
kronosnet itself seems safe and a unique use case to be worth promiting.
[Embedded sources and static linking]
- no embedded libraries or tools
- no static linking used
- no golang
[Security]
- no CVEs yet
- it does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not processes arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
Ok, but needing review by security:
- kronosnet parses data formats (its own transport)
- opens a port (indirectly by providing network to apps using the lib)
- it has no daemon at the moment, but kronosnetd exists (is not packaged at the moment)
- by the nature what functionality the package provides (network transport, encryption) it is security sensitive and needs a security review
[Common blockers]
- Does it FTBFS currently? => No (only on x32 which is not in Ubuntu)
- Test suite for kronosnet active and working
- Tests for nozzle active, but all tests skipped
- But subscriber will be the server-team for HA packages in general
- I have not found translations, but this is only for admins not for (unskilled) end-user usage
- no python code to consider for py2
[Packaging red flags]
- Ubuntu carries no delta
- symbols tracking in place
- d/watch in place
- Debian is very up to date and has regular uploads
- no Lintian warnings at all (wow)
- d/rules is rather clean
- not using Built-Using
[Upstream red flags]
- regular upstream releases
- no errors, a few warnings on undocumented internal data structures and functions
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no Open bugs
- none except the MIR in Ubuntu
- only one about x32 FTBFS in Debian (no problem for us)
- no major bugs open atm (crashers, etc) in Upstream
- No Dependency on webkit, qtwebkit, seed or libgoa-*
- no Embedded source copies
- not part of the Unity Dash for privacy settings?
[Summary]
I'd not really like libnozzle yet (e.g tests disabled) but even that looks ok.
The actual request is for libknet which seems good upstream and well packaged and maintained in Debian.
Ack from the MIR team.
But the nature of the package requires a security review, hence assigning to security.
Finally the package has no team bug subscriber yet, please resolve that as well before it can be promoted.