[MIR] libiscsi
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libiscsi (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
qemu (Ubuntu) |
Fix Released
|
Medium
|
James Page |
Bug Description
Checking against https:/
1: libiscsi is already available in universe: https:/
=====
2: Rationale:
=====
a) iSCSI has become the de-facto standard for connecting infrastructure servers to SAN/NAS storage
b) qemu, which is already in main, depends on libiscsi for iscsi support:
https:/
3: Security
=====
a) no entries found in CVE database
b) no entries found in Secunia database
c) no entries found in Ubuntu CVE tracker
d) executable security:
NO executables which have the suid or sgid bit set.
NO executables in /sbin, /usr/sbin.
NO packages which install daemons (/etc/init.d/*)
NO packages which open privileged ports (ports < 1024).
NO add-ons and plugins to security-sensitive software (filters, scanners, UI skins, etc)
4: QA
=====
a) no configuration required - installs shared library and supporting tools for inquiring iSCSI portals and targets
b) no debconf questions
c) no long-term outstanding important bugs
d)
Debian PTS: http://
* 4 lintian warning about missing manpages for 2 binaries in the support tools
* 2 buildd log warnings
* 1 bug that a newer upstream version is available
Ubuntu
https:/
* 1 NEW bug complaining that libiscsi doesn't work with multipath on EMC
Upstream:
* no open bugs: https:/
e) Maintenance in Debian/Ubuntu is acceptable. However, several newer upstream releases are available: https:/
--> this needs to be fixed in Debian. Upstream development is very active.
f) no exotic hardware
g) test-tool is available, but not run during build because it requires a running iSCSI portal / target, which cannot be expected to be available on a build server
h) debian/watch does *not* exist, but debian/copyright contains a link to github
--> this needs to be fixed in Debian
5.) UI standards: n/a
=====
6.) Dependencies:
=====
* shared library has no external dependencies except for libc6, and only build-deps on debhelper and libpopt-dev which are already in main
* binaries depend on the shared library libiscsi1 which is created out of this source package, and libpopt0, which is already in main
7.) Standards compliance
=====
No issues found except for missing man pages for the support tools and some minor buildd warnings, already mentioned in 4d)
8.) Maintenance
=====
Debian maintenance seems to be OK, so syncing should be enough.
9.) Background info
=====
See 2.) Rationale
Changed in libiscsi (Ubuntu): | |
milestone: | none → ubuntu-16.04 |
importance: | Undecided → Medium |
Changed in libiscsi (Ubuntu): | |
status: | New → Fix Committed |
Changed in qemu (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → James Page (james-page) |
Additional reasoning:
http:// manpages. ubuntu. com/manpages/ trusty/ man1/qemu. 1.html mentions iSCSI support, main inclusion of libiscsi is the only blocker for qemu to support iSCSI natively (without going via the OS)