[Bug 1020232] Re: [MIR] xz-java

Jamie Strandboge Wed, 08 Aug 2012 15:15:55 -0700

MIR review:
 * Builds fine with only main enabled
 * No testsuite
 * No Ubuntu delta
 * No bug subscriber
 * Has a watch file
 * This is pretty new software, with 1.0 coming out late last year and 1.1 a 
few weeks ago
 * lintian clean
 * debian/rules is reasonable
 * Errors/warnings during the build. There are some warnings in the build:
    [javac] warning: [options] bootstrap class path not set in conjunction with 
-source 1.4
    [javac] /PKGBUILDDIR/src/org/tukaani/xz/LZMA2Encoder.java:26: warning: 
[static] static variable should be qualified by type name, LZMA2Options, 
instead of by an expression
    [javac] warning: [options] bootstrap class path not set in conjunction with 
-source 1.4
    [javac] /PKGBUILDDIR/src/org/tukaani/xz/LZMA2Encoder.java:26: warning: 
[static] static variable should be qualified by type name, LZMA2Options, 
instead of by an expression
  [javadoc] warning: [options] bootstrap class path not set in conjunction with 
-source 1.4
 * No bugs in Debian or Ubuntu


Security review:
No CVE history. Only supplies libraries. No initscripts/upstart jobs, dbus 
services, setuid, fscaps usage, sudo/su/pkexec, cron jobs or daemons. Code 
inspection shows this is typical java and highly classed. Doing a shallow 
audit, things seem ok.

I have some reservations with the newness of the package, but the
decoding/encoding code (the security sensitive bits) are based on p7zip,
which is in the archive (though in universe), so it should be possible
to create patches if upstream evaporates.

I have verified xz-java works as expected by creating the xz-java-
test.sh test script. Feel free to update it and add it to the Debian
packaging (I chose the same license that the Debian developer did for
debian/*).

Conditional ACK provided the build warnings are addressed.

** Attachment added: "xz-java-test.sh"
   
https://bugs.launchpad.net/ubuntu/+source/xz-java/+bug/1020232/+attachment/3253551/+files/xz-java-test.sh

** Changed in: xz-java (Ubuntu)
     Assignee: Jamie Strandboge (jdstrand) => Michael Terry (mterry)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1020232

Title:
  [MIR] xz-java

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xz-java/+bug/1020232/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1020232] Re: [MIR] xz-java

Reply via email to