** Description changed: + == Requirements == + [Availability] Currently in universe. + Package in LP: https://launchpad.net/ubuntu/+source/ledmon + Upstream: https://github.com/intel/ledmon [Rationale] 1.OEM projects needs to include ledmon for VROC suport (LP: #1759225) 2.Intel still maintains upstream for that (LP: #1668126) 3.Dependencies already in main. [Security] + No security issues exposed so far. We may need to rely on Intel to be aware of upstream commits for security fixes. [Quality Assurance] + 1.No debconf questions + 2.No outstanding bugs + 3.I can help to make sure the consistency for status of important bugs in Debian's/Ubuntu's, and upstream's bug (on github). + 4.Ledmon only supports Intel related storage controller (e.g. AHCI/iSCSI/VMD controller) + 5.No test suite shipped with ledmon + 6.No dependencies with obsolete or demoted packages + + [UI standards] + 1.This is a CLI tool/daemon service. It has normal CLI style short help and man pages. (man ledmon/ledctl) + 2.No desktop file required as it is a backend tool. [Dependencies] + build-depends: perl (main), libsgutils2-dev (main), libudev-dev (main) + binary-depends: openipmi (main) [Standards Compliance] + The package should meet the FHS and Debian Policy standards. [Maintenance] - Package ownership TBD. + Package owning team: The foundation team (we're discussed this recently and give them a notify) + Debian package maintained by Daniel Jared Dominguez (but seems he didn't maintain the latest one: currently the version 0.90 on upstream and it's 0.79-2 on debian) + https://tracker.debian.org/pkg/ledmon + + [Background Information] + ledmon and ledctl are userspace tools designed to control storage enclosure LEDs. The user must have root privileges to use these tools. + + These tools use the SGPIO and SES-2 protocols to monitor and control + LEDs. They been verified to work with Intel(R) storage controllers (i.e. + the Intel(R) AHCI controller) and have not been tested with storage + controllers of other vendors (especially SAS/SCSI controllers). + + For backplane enclosures attached to ISCI controllers, support is + limited to Intel(R) Intelligent Backplanes. + + == Security checks == + 1.http://cve.mitre.org/cve/search_cve_list.html: Search in the National Vulnerability Database using the package as a keyword + * There are 0 CVE entries that match your search. + + 2.Check OSS security mailing list (feed 'site:www.openwall.com/lists/oss-security <pkgname>' into search engine) + * No security issue found + + 3.Ubuntu CVE Tracker + http://people.ubuntu.com/~ubuntu-security/cve/main.htm + * No + http://people.ubuntu.com/~ubuntu-security/cve/universe.html + * No + http://people.ubuntu.com/~ubuntu-security/cve/partner.html + * No + + 4.Check for security relevant binaries. If any are present, this requires a more in-depth security review. + * Executables which have the suid or sgid bit set. + No + * Executables in /sbin, /usr/sbin. + Yes + * Packages which install services / daemons (/etc/init.d/*, /etc/init/*, /lib/systemd/system/*) + No + * Packages which open privileged ports (ports < 1024). + No + * Add-ons and plugins to security-sensitive software (filters, scanners, UI skins, etc) + No
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1794219 Title: [MIR] ledmon To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ledmon/+bug/1794219/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
