Comment 3 for bug 1053470

Jamie Strandboge (jdstrand) wrote :

MIR review based on earlier code:
 * Builds fine with only main enabled
 * No test suite. Does not meet the acceptance criteria
 * Uses vala, not python
 * Canonical is the upstream
 * Make sure there is a bug subscriber
 * No watch file-- not an issue for this MIR since we are the upstream, but a watch file with proper release tarballs is preferred
 * Lintian clean on source and binaries
 * debian/rules is clean
 * provides a dbus session service
 * no dbus system services or otherwise privileged commands, initscripts/upstart job or cron jobs
 * hardening options are enabled, but PIE and BINDNOW are not. Please compile unity-shopping-daemon with PIE and BINDNOW
 * there are various compiler warnings.

Security review:
As John mentioned, go to global menu. Type in something (e.g., 'foo'), Foo Fighters and other stuff comes up in 'Treat yourself'. Clicking it opens the browser in Amazon. No reason for an audit as we are just passing a URL to the browser.

Something also needs to be done about the lack of a test suite. Rather than just manual tests, it seems the dbus service could be tested easily enough during the build and then add some unit tests for the vala stuff. I'll let Didier decide on what meets acceptance criteria wrt the testsuite though....

I'm told the compiler warnings are not fixable and a problem with vala. Conditional ACK provided it is compiled to build with PIE and BINDNOW.

Archive review:
I reviewed for deNEW and the package looks fine.
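
A way to verify the two properties the review above asks for, PIE and BINDNOW, on a built binary. This is an added example, not part of the original comment or of the package; it handles only little-endian ELF64, and `check_hardening` and `build_sample` are hypothetical names (the sample image is constructed, not a real binary).

```python
import struct

ET_DYN, PT_DYNAMIC = 3, 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<QQ"

def check_hardening(elf: bytes) -> dict:
    """Report PIE and BINDNOW for a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = struct.unpack_from(EHDR, elf, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    bindnow = False
    for i in range(e_phnum):
        ph = struct.unpack_from(PHDR, elf, e_phoff + i * e_phentsize)
        p_type, p_offset, p_filesz = ph[0], ph[2], ph[5]
        if p_type != PT_DYNAMIC:
            continue
        # Walk the dynamic table until the DT_NULL terminator.
        for off in range(p_offset, p_offset + p_filesz, struct.calcsize(DYN)):
            tag, val = struct.unpack_from(DYN, elf, off)
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW
                    or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                bindnow = True
    # ET_DYN is also the type of shared libraries; for a program it means PIE.
    return {"pie": e_type == ET_DYN, "bindnow": bindnow}

def build_sample(e_type: int, dyn: list) -> bytes:
    """Constructed image: ELF header, one PT_DYNAMIC header, dynamic table."""
    table = b"".join(struct.pack(DYN, t, v) for t, v in dyn + [(DT_NULL, 0)])
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack(EHDR, ident, e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack(PHDR, PT_DYNAMIC, 6, 120, 0, 0, len(table), len(table), 8)
    return ehdr + phdr + table

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. the path to the built daemon binary
        with open(path, "rb") as f:
            print(path, check_hardening(f.read()))
```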