[MIR] haproxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
haproxy (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Maverick |
Fix Released
|
High
|
Unassigned |
Bug Description
Binary package hint: haproxy
Availability:
Package has been in universe since Hardy.
Rationale:
* HAProxy is considered to be one of the best app level load balancers available.
* MIR is marked as a requirement for maverick alpha2 in https:/
Security:
* No CVE's or vulnerabilities listed in the usual place. Further searches turn up no previous security problems.
* Disabled by default, must be enabled by editing /etc/default/
* The ports opened in the default configuration are 10001 thru 10005, and 8443. On connecting to those ports, these attempt to connect to non-routable IP's of backend servers that may or may not exist, so this config file may need to be moved to an examples directory.
Quality assurance:
* There are no important bug reports against haproxy in Debian or Ubuntu
* The debian package has been well maintained and has stayed quite close to upstream.
UI standards: (generally only for user-facing applications)
N/A
Dependencies:
* All are in main.
Standards compliance:
* Packaging is very straight forward and package appears to comply with policy upon cursory examination.
Maintenance:
* Package produces a single binary package, that includes a single binary, a daemon that uses a single config file.
Background information:
HAProxy is quite mature, as is its debian package.
Related branches
- Mathias Gug: Approve
- Ubuntu Server: Pending requested
-
Diff: 13 lines (+3/-0)1 file modifiedsupported-misc-servers (+3/-0)
Changed in haproxy (Ubuntu): | |
assignee: | nobody → Kees Cook (kees) |
Changed in haproxy (Ubuntu): | |
milestone: | none → maverick-alpha-3 |
Changed in haproxy (Ubuntu): | |
assignee: | nobody → Clint Byrum (clint-fewbar) |
importance: | Undecided → Wishlist |
Changed in haproxy (Ubuntu): | |
status: | In Progress → Fix Committed |
assignee: | Clint Byrum (clint-fewbar) → nobody |
status: | Fix Committed → Fix Released |
The endless use of memcpy in the code makes me a little nervous, but quick spot-checking didn't show anything obviously wrong. +1. It would be nice to add the regression tests in tests/ to the build, but it looks like upstream doesn't even include documentation on how to run them.