[Dependencies libfcgi-dev and clearsilver-dev (universe) dropped as upstream recommendations against their plugin usage at this time].
** Description changed: strongSwan IPsec VPN-solution Main Inclusion Report. 1. Availability: - In universe and Debian for some time. 2. Rationale: - We need a supported and functional IPsec VPN solution in Ubuntu. - At the current time, this is racoon, which hasn't updated in quite a while: - https://launchpad.net/ubuntu/+source/ipsec-tools 3. Security: - No current CVEs. - CVE reports in the past: fixed by upstream as seen in: - https://www.strongswan.org/blog/ - But as package is in universe, no oversight from security team. - Ships a daemon that handles connections to IPsec clients (AppArmor'ed by profile). - Open privileged ports on 500 and 4500 (charon daemon above). 4. Quality assurance: - Current version doesn't install any working configuration, however this can be done with debconf. - It's simpler to do things by hand, as with openvpn. - Upstream is active: - Next release planned within a month: https://wiki.strongswan.org/projects/strongswan/roadmap - Respond proactively to support queries on their ticketing system: https://wiki.strongswan.org/projects/strongswan/issues - Release presentations from time to time: https://www.strongswan.org/documentation.html - Build process runs test suite. - - Upstream runs a run test suite across all configuration scenarios: https://www.strongswan.org/uml/testresults/ + - Upstream runs a run test suite across all configuration scenarios: https://www.strongswan.org/uml/testresults/ 5. UI standards: - Not applicable 6. Dependencies: - libgmp3-dev - libssl-dev - libldns-dev (universe) - libunbound-dev (universe) - libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev - libsoup2.4-dev - libpcsclite-dev - libldap2-dev - libpam0g-dev - libkrb5-dev - - libfcgi-dev - - clearsilver-dev (universe) - libtspi-dev - libxml2-dev - libsqlite3-dev - libmysqlclient-dev Note that the packages in universe are not part of the core strongSwan functionality and rather are linked to binary packages that are plugins (strongswan-libfast, strongswan-plugin-medsrv, strongswan-plugin- unbound). The building of these plugins could be disabled, but I'd rather offer our users a wide range of plugins by default - rather than have them rebuild strongSwan for functionality they may need. 7. Standards compliance: - Shipped by Debian - Lintian clean - uses dh, source format 3.0 (quilt) 8. Maintenance: - Currently maintained by a team of volunteers on Debian and Ubuntu. - Shared git repository on git.debian.org. ** Description changed: strongSwan IPsec VPN-solution Main Inclusion Report. 1. Availability: - In universe and Debian for some time. 2. Rationale: - We need a supported and functional IPsec VPN solution in Ubuntu. - At the current time, this is racoon, which hasn't updated in quite a while: - https://launchpad.net/ubuntu/+source/ipsec-tools 3. Security: - No current CVEs. - CVE reports in the past: fixed by upstream as seen in: - https://www.strongswan.org/blog/ - But as package is in universe, no oversight from security team. - Ships a daemon that handles connections to IPsec clients (AppArmor'ed by profile). - Open privileged ports on 500 and 4500 (charon daemon above). 4. Quality assurance: - Current version doesn't install any working configuration, however this can be done with debconf. - It's simpler to do things by hand, as with openvpn. - Upstream is active: - Next release planned within a month: https://wiki.strongswan.org/projects/strongswan/roadmap - Respond proactively to support queries on their ticketing system: https://wiki.strongswan.org/projects/strongswan/issues - Release presentations from time to time: https://www.strongswan.org/documentation.html - Build process runs test suite. - Upstream runs a run test suite across all configuration scenarios: https://www.strongswan.org/uml/testresults/ + - Daily builds for Ubuntu here: https://code.launchpad.net/~strongswan/+recipe/strongswan-daily 5. UI standards: - Not applicable 6. Dependencies: - libgmp3-dev - libssl-dev - libldns-dev (universe) - libunbound-dev (universe) - libcurl4-openssl-dev | libcurl3-dev | libcurl2-dev - libsoup2.4-dev - libpcsclite-dev - libldap2-dev - libpam0g-dev - libkrb5-dev - libtspi-dev - libxml2-dev - libsqlite3-dev - libmysqlclient-dev Note that the packages in universe are not part of the core strongSwan functionality and rather are linked to binary packages that are plugins (strongswan-libfast, strongswan-plugin-medsrv, strongswan-plugin- unbound). The building of these plugins could be disabled, but I'd rather offer our users a wide range of plugins by default - rather than have them rebuild strongSwan for functionality they may need. 7. Standards compliance: - Shipped by Debian - Lintian clean - uses dh, source format 3.0 (quilt) 8. Maintenance: - Currently maintained by a team of volunteers on Debian and Ubuntu. - Shared git repository on git.debian.org. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1266066 Title: [MIR] strongSwan To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/strongswan/+bug/1266066/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
