Comment 11 for bug 913883

Jamie Strandboge (jdstrand) wrote :

Report for shallow review of zookeeper:
 * /usr/bin/zooinspector does not have a man page
 * upstart job looks fine, and zookeeperd runs as non-root
 * There are no dbus services, sudoers fragments or setuid binaries
 * test suite is enabled in the build
 * build logs do have some warnings. See with "egrep -i '(error|warning):' <buildlog>". Notably:
  * [javac] PerChannelBookieClient.java:44: warning: [deprecation] org.jboss.netty.channel.ChannelPipelineCoverage in org.jboss.netty.channel has been deprecated
  * [javac] PerChannelBookieClient.java:62: warning: [deprecation] org.jboss.netty.channel.ChannelPipelineCoverage in org.jboss.netty.channel has been deprecated
 * looking at the code and spot checking here and there, memory, string operations, et al seem fine
 * zkfuse.cc had some interesting stuff and could be problematic, but we don't ship it
 * ./src/contrib/bookkeeper/src/java/org/apache/bookkeeper/bookie/Bookie.java: predictable file name in a world writable directory. This should be checked out. Shouldn't be an issue with yama

While ACLs are supported and various forms of authentication come built in (eg ip and digest authentication, with kerberos authentication in 3.4 (not in precise yet)), one thing that is a bit disappointing (which is all too common) is the lack of native SSL support. Upstream says network security is the answer to this (ie, firewalls, security groups, etc), and also suggested stunnel: http://<email address hidden>/msg00588.html. It would be good if the documentation or prominent man page made this clear.

Based on my review and an active upstream, ACK with suggested documentation change.
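
The packaging checks named in the report above (setuid binaries, sudoers fragments, D-Bus services, missing man pages, build-log warnings) can be scripted over an unpacked package tree. This is an added example, not part of the original comment or of any Ubuntu review tooling; the function names, the Debian-style paths and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: shallow packaging checks over an unpacked package tree.
# Function names and the tree layout below are assumptions (Debian-style paths).

shallow_review() {
    root=$1
    # setuid/setgid regular files
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/SETID: /'
    # sudoers fragments and D-Bus service/policy files
    for d in etc/sudoers.d usr/share/dbus-1/system-services \
             usr/share/dbus-1/services etc/dbus-1/system.d; do
        if [ -d "$root/$d" ]; then
            case $d in etc/sudoers.d) tag=SUDOERS ;; *) tag=DBUS ;; esac
            find "$root/$d" -type f | sed "s/^/$tag: /"
        fi
    done
    # programs on the default PATH with no man page in sections 1-8
    for b in "$root"/usr/bin/* "$root"/usr/sbin/* "$root"/bin/* "$root"/sbin/*; do
        [ -f "$b" ] || continue
        name=${b##*/}
        if ! ls "$root"/usr/share/man/man[1-8]/"$name".[1-8]* >/dev/null 2>&1; then
            echo "NOMAN: ${b#"$root"}"
        fi
    done
    return 0
}

# Count build-log lines matching the pattern quoted in the review.
buildlog_warnings() {
    grep -Eic '(error|warning):' "$1" || true
}

# Constructed sample tree and build log (not taken from the real package).
demo=$(mktemp -d)
mkdir -p "$demo/usr/bin" "$demo/usr/share/man/man1" "$demo/etc/sudoers.d"
touch "$demo/usr/bin/zooinspector" "$demo/usr/bin/zkcli" \
      "$demo/usr/share/man/man1/zkcli.1.gz" "$demo/etc/sudoers.d/sample"
printf '%s\n' '[javac] A.java:44: warning: [deprecation] X' 'BUILD OK' \
    > "$demo/build.log"
shallow_review "$demo"
buildlog_warnings "$demo/build.log"
rm -rf "$demo"
```

On the constructed tree this reports one sudoers fragment, one program without a man page, and one matching build-log line.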