This case was today closed approved. There were some concerns (from Brian Cameron) regarding accessibility and full section 508 compliance. These are now resolved - A waiver to integrate was granted by Michele Budris based on a commitment from the project team to work with wxWidgets community to provide the support for missing a11y features. The project team now intend to integrate in snv_100.
James Gates wrote: > I'm sponsoring this case for Mayuresh Nirhali and Alfred Peng. Timeout > is set for Friday 1st Aug. The onepager & interfaces.txt files are > available in the case materials directory. > > The (attached) proposal is the completed FOSS checklist. No questions > resulted in "ARC review required", but because of Brian Cameron's recent > statement re. accessibility, I think it should be reviewed. > > But I do recall during the ARC[1] case for pgAdmin (which uses > wxWidgets/GTK+) we discussed accessibility and it was determined that > wxWidgets was section 508 compliant. Do we need to check this again? > > [1] http://sac.sfbay/LSARC/2006/644/ > > > James Gates wrote: > >> Template Version: @(#)sac_nextcase 1.66 04/17/08 SMI >> This information is Copyright 2008 Sun Microsystems >> 1. Introduction >> 1.1. Project/Component Working Name: >> wxWidgets: Cross-Platform GUI Library >> 1.2. Name of Document Author/Supplier: >> Author: Mayuresh Nirhali >> 1.3 Date of This Document: >> 25 July, 2008 >> 4. Technical Description >> 1.0 Project Information >> 1.1 Name of project/component >> wxWidgets: Cross-Platform GUI Library >> >> 1.2 Author of document >> Mayuresh Nirhali >> >> 2.0 Project Summary >> 2.1 Project Description >> >> wxWidgets provides a single, >> easy-to-use API for writing GUI applications on multiple >> platforms >> that still utilize the native platform's controls and utilities. >> On top of great GUI functionality, wxWidgets provides: online >> help, >> network programming, streams, clipboard and drag and drop, >> multithreading, image loading and saving in a variety of popular >> formats, database support, HTML viewing and printing, and much >> much >> more. >> >> Please note that WxWidgets version 2.8.8 already exists in >> OpenSolaris >> today, but it is statically linked with pgAdmin3 (LSARC/2006/644 - >> PostgreSQL database adiministration GUI tool). The scope of this ARC >> case is only to expose wxWidgets as a shared library to other Solaris >> components, such as FileZilla. >> >> 2.2 Release binding >> What is is the release binding? >> (see >> http://opensolaris.org/os/community/arc/policies/release-taxonomy/) >> [ ] Major >> [ ] Minor >> [X] Patch or Micro >> [ ] Unknown -- ARC review required >> >> 2.3 Type of project >> Is this case a Linux Familiarity project? >> [X] Yes >> [ ] No >> >> 2.4 Originating Community >> 2.4.1 Community Name >> http://www.wxwidgets.org/ >> 2.4.2 Community Involvement >> Indicate Sun's involvement in the community >> [ ] Maintainer >> [ ] Contributor >> [X] Monitoring >> Will the project team work with the upstream community to >> resolve >> architectural issues of interest to Sun? >> [X] Yes [ ] No - briefly explain >> Will we or are we forking from the community? >> [ ] Yes - ARC review required prior to forking >> [X] No >> 3.0 Technical Description >> 3.1 Installation & Sharable >> 3.1.1S Solaris Installation - section only required for Solaris >> Software >> (see >> http://opensolaris.org/os/community/arc/policies/install-locations/ >> for details) >> Does this project follow the Install Locations best practice? >> [X] Yes [ ] No - ARC review required >> Does this project install into /usr under >> [sbin|bin|lib|include|man|share]? >> [X] Yes >> [ ] No or N/A >> Does this project install into /opt? >> [ ] Yes - explain below >> [X] No or N/A >> Does this project install into a different directory >> structure? >> [ ] Yes - ARC review required >> [X] No or N/A >> Do any of the components of this project conflict with >> anything under /usr? >> (see http://opensolaris.org/os/community/arc/caselog/2007/047/ >> for details) >> [ ] Yes - explain below >> [X] No >> If conflicts exist then will this project install under >> /usr/gnu? >> [ ] Yes >> [ ] No - ARC review required >> [X] N/A >> Is this project installing into /usr/sfw? >> [ ] Yes - ARC review required >> [X] No >> >> 3.2 Exported Libraries >> Are libraries being delivered by this project? >> [X] Yes >> [] No - continue with next section (section 3.3) >> Are 64-bit versions of the libraries being delivered? >> [X] Yes >> [ ] No - ARC review required >> Are static versions of the libraries being delivered? >> [ ] Yes - ARC review required >> [X] No 3.3 Services and the /etc Directory >> (see http://opensolaris.org/os/community/arc/policies/SMF-policy/) >> Does the project integrate anything into /etc/init.d or /etc/rc?.d? >> [ ] Yes - ARC review required >> [X] No >> Does the project integrate any new entries into >> /etc/inittab or >> /etc/inetd.conf? >> [ ] Yes - ARC review required >> [X] No >> Does the project integrate any private non-public files >> into /etc/default >> or /etc/ configuration files? >> [ ] Yes - ARC review required >> [X] No >> Does the service manifests method context grant rights >> above that >> of the noaccess user and basic privilege set? >> [ ] Yes - ARC review required >> [X] No >> 3.4 Security >> 3.4.1 Secure By Default (see >> http://opensolaris.org/os/community/arc/policies/secure-by-default/ >> for details) >> (see >> http://www.opensolaris.org/os/community/arc/policies/NITS-policy/ for >> details) >> (see parts of >> http://opensolaris.org/os/community/arc/policies/SMF-policy/ for >> addtional details) >> Are there any network services provided by this project? >> [ ] Yes >> [X] No - continue with the next section (section 3.4.2) >> Are network services enabled by default? >> [ ] Yes - ARC review required >> [ ] No >> [X] N/A >> Are network services automatically enabled by the project >> during installation? >> [ ] Yes - ARC review required >> [ ] No >> [X] N/A >> Are inbound network communications denied by default? >> [ ] Yes >> [ ] No - ARC review required >> [X] N/A >> Is inbound data checked to prevent content-based attacks? >> [ ] Yes >> [ ] No - ARC review required >> [X] N/A >> Is the outbound receiver authenticated? >> [ ] Yes >> [ ] No - ARC review required >> [X] N/A >> Is the receiver authenticated prior to receiving any >> sensitive outbound communication? >> [ ] Yes >> [ ] No - ARC review required >> [X] N/A >> 3.4.2 Authorization >> (see >> http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/ and >> >> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ and >> >> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ >> for details) >> Are there any setuid/setgid privileged binaries in the project? >> [ ] Yes - ARC review required >> [X] No - continue with next section (section 3.4.3) >> If yes then are the setuid/setgid privileges handled by >> the use of roles? >> [ ] Yes >> [ ] No - ARC review required >> >> 3.4.3 Auditing >> (see >> http://opensolaris.org/os/community/arc/policies/audit-policy/ for >> details) >> (see http://opensolaris.org/os/community/arc/caselog/2003/397 >> for details) >> Does this component contain administrative or security enforcing >> software? >> [ ] Yes - ARC review required >> [X] No - continue to next section (section 3.4.4) >> (see >> http://opensolaris.org/os/community/arc/caselog/2003/397 for details) >> Do the components create audit logs detailing what took place >> including what event >> took place, who was involved, when the event took place? >> [ ] Yes - ARC contract and Audit project team review required >> [ ] No - ARC review required >> 3.4.4 Authentication >> (see http://opensolaris.org/os/community/arc/policies/PAM/) >> Do the components contain any authentication code? >> [ ] Yes >> [X] No - continue to next section (section 3.4.5) >> If yes do the components use PAM (plugable authentication >> modules) for authentication? >> [ ] Yes >> [ ] No - ARC review required >> If yes is a single PAM session maintained during >> authentication? >> [ ] Yes >> [ ] No - ARC review required >> If yes are the components sufficiently privileged to allow >> the requested operations (authentication, password change, >> process credential manipulation, audit state initialization)? >> [ ] Yes - briefly describe below >> [ ] No - ARC review required >> 3.4.5 Passwords >> (see >> http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/ and >> >> http://opensolaris.org/os/community/arc/bestpractices/passwords-files/ >> for details) >> Do any of the components for the project deal with passwords? >> [ ] Yes >> [X] No - continue to next section (section 3.4.6) >> If yes are these passwords entered via the CLI or >> environment? >> [ ] Yes - ARC review required >> [ ] No >> Are passwords stored within the file system for the >> component? >> [ ] Yes >> [ ] No - continue to next section (section 3.4.6) >> If yes are the permissions on the file such to protect >> exposing the password(s)? >> [ ] Yes >> [ ] No - ARC review required >> 3.4.6 General Security Questions >> (see >> http://opensolaris.org/os/community/arc/bestpractices/security-questions/ >> for details) >> Are there any network protocols used by this project? >> [ ] Yes >> [X] No - continue with the next section (section 3.5) >> Do the components use standard network protocols? >> [ ] Yes >> [ ] No - ARC review required >> Do network services for the project make decisions based >> upon user, host or service identities? >> [ ] Yes - explain below >> [ ] No >> [X] N/A >> Do the components make use of secret information during >> authentication and/or >> authorization? >> [ ] Yes - explain below >> [ ] No >> [X] N/A >> 3.5 Networking >> Do the components access the network? >> [ ] Yes >> [X] No - continue with the next section (section 3.6) >> If yes do the components support IPv6? >> [ ] Yes [ ] No - ARC review required >> 3.6 Core Solaris Components >> Do the components of this project compete with or duplicate core >> Solaris components? >> [ ] Yes - ARC review required >> [X] No Examples of Core Solaris Components include >> but are not limited to: >> Secure By Default >> Authorizations >> PAM -- Plugable Authentication Module >> Privilege >> PRM -- Process Rights Management -- Privilege >> Audit >> xVm -- Virtualization >> zones / Solaris Containers >> PRM -- Process Rights Management >> RBAC -- Role Based Access Control >> TX / Trusted Extensions >> ZFS >> SMF -- Service Management Facility >> FMA -- Fault Management Architecture >> SCF -- Smart Card Facility >> IPsec >> 4.0 Interfaces >> (see >> http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/ >> for details) >> 4.1 Exported Interfaces >> >> See file interfaces.txt in case materials directory >> >> Brief Interface Classifications - See Appendix C for >> definitions >> Volatile - interfaces are fluid and will follow a rapidly changing >> community >> Uncommitted - interfaces are still evolving in the community and >> might follow >> the community >> Committed - interfaces are stable in the community >> Project Private - no review required, just document in table >> Contracted (interface modifier) - further review required >> >> Appendix A - References >> 1. Solaris Installation Locations Policy >> http://opensolaris.org/os/community/arc/policies/install-locations/ >> 2. /usr/gnu Installation ARC case >> http://opensolaris.org/os/community/arc/caselog/2007/047/ >> 3. Secure By Default Policy >> http://opensolaris.org/os/community/arc/policies/secure-by-default/ >> 4. Network Install Time Securityuy Policy >> http://www.opensolaris.org/os/community/arc/policies/NITS-policy/ >> 5. Adding RBAC Authorizations Policy >> http://opensolaris.org/os/community/arc/bestpractices/rbac-auths/ >> 6. When to use setuid -vs- RBAC roles and profiles >> >> http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/ and >> 7. Building RBAC Rights Profiles >> >> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ >> 8. Solaris Audit Policy >> http://opensolaris.org/os/community/arc/policies/audit-policy/ >> 9. Security questionaire >> >> http://opensolaris.org/os/community/arc/bestpractices/security-questions/ >> 10. Interface Taxonomy >> >> http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/ >> 11. Plugable Authentication Modules -- PAM >> http://opensolaris.org/os/community/arc/policies/PAM/ >> 12. Reusable Passwords In Command Line Arguments and Environment >> Variables >> >> http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/ >> 13. Storing Reusable Passwords on a Filesystem >> >> http://opensolaris.org/os/community/arc/bestpractices/passwords-files/ >> 14. Release Taxonomy >> http://opensolaris.org/os/community/arc/policies/release-taxonomy/ >> 15. Service Management Facility (SMF) usage >> http://opensolaris.org/os/community/arc/policies/SMF-policy/ >> >> Appendix B - Suggested case materials >> 1. man pages >> 2. SMF manifests >> 3. links to contracts >> Appendix C - Definitions >> Submitter >> an agent responsible for creation of an ARC project along with the >> materials describing that project. >> Owner >> the ARC agent responsible for shepherding the case through review >> and ensuring a formal opinion is written where required. >> Maintainer >> an agent responsible for releasing new versions of a program, >> typically >> the "main" contributor or person incharge of making Architectural >> decisions for the project >> Contributor >> an agent who make contributions to a project, typically has a >> voice in >> making Architectural decisions for the project >> Monitoring >> an agent who is only following the changes made in the community and >> has no Architectural input into the project >> Volatile* >> interfaces that are very fluid and typically follow the >> originating community. Typically these interfaces can not be >> imported by other >> projects. >> Uncommitted* >> interfaces that are still evolving but will most likely be present >> from >> release to release. >> Committed* >> interfaces that are stable and with Sun guaranteeing some level of >> compatibility from release to release. >> Project Private* >> interfaces that are exposed only to or intended to be used only by >> the project being reviewed. These interfaces can not be imported by >> other projects. >> Not-An-Interface* >> components that are not interfaces. >> Contracted* (interface modifier) - ARC review of Contract required >> interfaces that do not allow another project to import can be >> *Note: see >> http://opensolaris.org/os/community/arc/policies/interface-taxonomy/ >> for details >> >> 6. Resources and Schedule >> 6.4. Steering Committee requested information >> 6.4.1. Consolidation C-team Name: >> SFW >> 6.5. ARC review type: FastTrack >> 6.6. ARC Exposure: open >> > -- Jim Gates Sun Microsystems Nashua, NH, USA http://sun.com/postgresql
