I reviewed pmdk 1.7-1ubuntu1 as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability. pmdk comes from Persistent Memory Development Kit and it's a collection of libraries and tool which allows applications to access persistent memory as memory-mapped files. - No CVEs found. - No encryption dependency in particular. - No pre/post inst/rm scripts - No init scripts. - No systemd units. - No dbus services. - No setuid binaries. - binaries in PATH: - ./usr/bin/daxio (pmdk-tools) - ./usr/bin/pmempool (pmdk-tools) - ./usr/bin/rpmemd (pmdk-tools) - No sudo fragments found. - No udev rules. - 262 unit tests present. - No autopkgtests. - No cronjobs. - Build logs - Minor warnings during the build: - install: WARNING: ignoring --strip-program option as -s option was not specified - dpkg-gencontrol: warning: Depends field of package libpmemlog-dev: substitution variable ${shlibs:Depends} used, but is not defined - dpkg-gencontrol: warning: Depends field of package libvmmalloc-dev: substitution variable ${shlibs:Depends} used, but is not defined - dpkg-gencontrol: warning: Depends field of package libvmem-dev: substitution variable ${shlibs:Depends} used, but is not defined - dpkg-gencontrol: warning: Depends field of package libpmemblk-dev: substitution variable ${shlibs:Depends} used, but is not defined - dpkg-gencontrol: warning: Depends field of package libpmem-dev: substitution variable ${shlibs:Depends} used, but is not defined - dpkg-gencontrol: warning: Depends field of package librpmem-dev: substitution variable ${shlibs:Depends} used, but is not defined - dpkg-gencontrol: warning: Depends field of package libpmempool-dev: substitution variable ${shlibs:Depends} used, but is not defined - dpkg-gencontrol: warning: Depends field of package libpmemobj-dev: substitution variable ${shlibs:Depends} used, but is not defined - No relevant process spawning found. - Memory management seems to be done properly. The project have its own implementation of memcpy and memset to be used by the user. No problems found on this part. - No issues with log found. - Those environment variable were found: - NON_PMEM_FS_DIR - PMEM_FS_DIR - PMEM_IS_PMEM_FORCE - PMEM_MMAP_HINT - PMEM_MOVNT_THRESHOLD - PMEM_NO_CLFLUSHOPT - PMEM_NO_CLWB - PMEM_NO_FLUSH - PMEM_NO_MOVNT - PMREORDER_EMIT_LOG - PMREORDER_MARKER_NAME - RPMEM_CMD - RPMEM_ENABLE_SOCKETS - RPMEM_ENABLE_VERBS - RPMEM_MAX_NLANES - RPMEM_SSH - RPMEM_WORK_QUEUE_SIZE - VMMALLOC_FORK - VMMALLOC_POOL_DIR - VMMALLOC_POOL_SIZE - No use of privileged functions. - No use of cryptography. - Use of temp files looks safe. Most of them for tests. - No use of networking. - No use of WebKit. - No use of PolicyKit. - cppcheck shows multiple uninitialized variable cases. Nothing concerning. No serious issues found in coverity results. Upstream also has a coverity instance and they do a good job tracking and fixing the found issues. Most of the issues are in examples and tests. Security team ACK for promoting pmdk to main only for amd64 since arm 64-bit is experimental. Also keep librpmem* packages in universal since they are experimental too (doc/README).