Issues for LSARC 2008/626 Eclipse For Java Developers
Tom Childers
tom.childers at sun.com
Tue Nov 4 08:42:32 PST 2008
I'm sorry I couldn't get this out yesterday.
tdc00 - is this distro being included with OpenSolaris, or is it
simply a port that is being "made available" for OpenSolaris? (FOSS
checklist section 6.1 suggests that this is a port being delivered on
the eclipse.org web site.)
tdc01 - which Eclipse package is proposed, the JEE version, or the
Java version? (eclipse.org has packages 84 -162MB in size!) If JEE,
which app server is included?
tdc02 - FOSS checklist, section 3.1.2, if you need a newer version of
SWT, you will have to package it. What else does Eclipse require than
the delivered SWT provides?
tdc03 - is Eclipse 100% Java, or are there 64-bit issues with C/C++
components?
tdc04 - FOSS section 3.4, doesn't Eclipse include an automatic update
facility that is a network service?
tdc05 - FOSS section 3.4.5, we need to understand any UI's involving
passwords. For example, are CLI's CLIP-compliant?
tdc06 - FOSS section 4.1, what are versions for imported interfaces?
Where are they coming from, and are they packaged inside Eclipse?
tdc07 - FOSS section 4.2, what is "GTK"
tdc08 - what are plans to keep this distro up to date? How will new
Eclipse releases get into OpenSolaris, and can a user simply download
an update and overlay it on the installation that you are providing
with OpenSolaris?
Tom Childers
Sr. Staff Engineer
Sun Microsystems, Inc.
SOA/Business Integration Engineering
Phone x31943/+1 415-226-3398
Mobile +1 415-272-3565
Fax +1 415-226-3398
Email Tom.Childers at Sun.COM
On Oct 28, 2008, at 1:00 PM, Michael Kearney wrote:
> 1.0 Project Information
>
>
> Eclipse is one of the most popular open source Java IDE.
>
> The current version of Eclipse is 3.4 (a.k.a. Ganymede) at
> the time
> of this case.
>
> Eclipse IDE is an open source project handled by Eclipse
> community.
>
>
> 1.1 Name of project/component
>
> Eclipse IDE.
>
> 1.2 Author of document
>
> Alexandre (Shura) Iline (alexandre.iline at sun.com)
>
> 2.0 Project Summary
> 2.1 Project Description
>
> Eclipse is an Java IDE
>
> 2.2 Release binding
> What is is the release binding?
> (see http://opensolaris.org/os/community/arc/policies/release-taxonomy/)
> [X] Major
> [ ] Minor
> [ ] Patch or Micro
> [ ] Unknown -- ARC review required
>
> 2.3 Type of project
> Is this case a Linux Familiarity project?
> [ ] Yes
> [X] No
>
> 2.4 Originating Community
> 2.4.1 Community Name
> Eclipse
>
> 2.4.2 Community Involvement
> Indicate Sun's involvement in the community
> [ ] Maintainer
> [ ] Contributor
> [X] Monitoring
>
> Will the project team work with the upstream community to
> resolve
> architectural issues of interest to Sun?
> [X] Yes
> [ ] No - briefly explain
>
> Will we or are we forking from the community?
> [ ] Yes - ARC review required prior to forking
> [X] No
>
> 3.0 Technical Description
> 3.1 Installation & Sharable
> 3.1.1S Solaris Installation - section only required for Solaris
> Software
> (see http://opensolaris.org/os/community/arc/policies/install-locations/
> for details)
> Does this project follow the Install Locations best practice?
> [X] Yes
> [ ] No - ARC review required
>
> Does this project install into /usr under [sbin|bin|lib|
> include|man|share]?
> [ ] Yes
> [X] No or N/A
>
> Does this project install into /opt?
> [ ] Yes - explain below
> [X] No or N/A
>
> Does this project install into a different directory structure?
> [X] Yes - ARC review required
> The project installs into /usr/eclipse.
>
> Eclipse installation is an executor with a set of auxiliary files,
> such as archives, configuration files, etc.
>
> It is assumed that the executor resides within the overall
> installation dir.
>
> [ ] No or N/A
>
> Do any of the components of this project conflict with
> anything under /usr?
> (see http://opensolaris.org/os/community/arc/caselog/2007/047/
> for details)
> [ ] Yes - explain below
> [X] No
>
> If conflicts exist then will this project install under /usr/
> gnu?
> [ ] Yes
> [ ] No - ARC review required
> [X] N/A
>
> Is this project installing into /usr/sfw?
> [ ] Yes - ARC review required
> [X] No
>
> 3.1.1W Windows Installation - section only required for Windows
> Software
> (see http://sac.sfbay/WSARC/2002/494 for details)
> Does this project install software into a
> <system drive>:\Program Files\Sun\<product> or <system drive>:
> \Sun\<product>
> directory?
> [ ] Yes
> [ ] No - ARC review required
>
> Does the project use the Windows registry?
> [ ] Yes
> [ ] No - ARC review required
>
> Does the project use
> HKEY_LOCAL_MACHINE\SOFTWARE\Sun Microsystems\<product>\<version>
> for the registry key?
> [ ] Yes
> [ ] No - ARC review required
>
> Is the project's stored location
> HKEY_LOCAL_MACHINE\SOFTWARE\Sun Microsystems\<product id>
> \<version id>\Path?
> [ ] Yes
> [ ] No - ARC review required
>
> 3.1.2 Share and Sharable
> Does the module include any components that are used or shared
> by
> other projects?
> [X] Yes
>
> Eclipse project includes some java libraries which could be used
> outside of Eclipse. It also includes one native library: SWT.
>
> [ ] No
>
> If yes are these components packaged to be shared with the
> other FOSS?
> [ ] Yes
> [X] No - ARC review required
> [ ] N/A
>
> Are these components already in the Solaris WOS?
> [X] Yes
> or planned to be. SWT library, JUnit library.
> [ ] No - continue with next section (section 3.2)
>
> If yes are these newer versions being delivered?
> [ ] Yes
> [ ] No - ARC review required
> Not sure what the answer should be ...
> Eclipse 3.4 requires newer SWT than planned to be delivered into
> Solaris. Eclipse also requires more than the delivered SWT provides.
>
> If yes are the newer versions replacing the existing versions?
> [ ] Yes
> [X] No - ARC review required
>
> No, since we were not able to get an agreement to upgrade SWT to
> newer version.
>
> 3.2 Exported Libraries
> Are libraries being delivered by this project?
> [ ] Yes
> [X] No - continue with next section (section 3.3)
>
> Are 64-bit versions of the libraries being delivered?
> [ ] Yes
> [ ] No - ARC review required
>
> Are static versions of the libraries being delivered?
> [ ] Yes - ARC review required
> [ ] No
>
> 3.3 Services and the /etc Directory
> (see http://opensolaris.org/os/community/arc/policies/SMF-policy/)
> Does the project integrate anything into /etc/init.d or /etc/
> rc?.d?
> [ ] Yes - ARC review required
> [X] No
>
> Does the project integrate any new entries into /etc/inittab or
> /etc/inetd.conf?
> [ ] Yes - ARC review required
> [X] No
>
> Does the project integrate any private non-public files into /
> etc/default
> or /etc/ configuration files?
> [ ] Yes - ARC review required
> [X] No
>
> Does the service manifests method context grant rights above
> that
> of the noaccess user and basic privilege set?
> [ ] Yes - ARC review required
> [X] No
>
> 3.4 Security
> 3.4.1 Secure By Default
> (see http://opensolaris.org/os/community/arc/policies/secure-by-default/
> for details)
> (see http://www.opensolaris.org/os/community/arc/policies/NITS-policy/
> for details)
> (see parts of http://opensolaris.org/os/community/arc/policies/SMF-policy/
> for
> addtional details)
> Are there any network services provided by this project?
> [ ] Yes
> [X] No - continue with the next section (section 3.4.2)
>
> Are network services enabled by default?
> [ ] Yes - ARC review required
> [ ] No
> [ ] N/A
>
> Are network services automatically enabled by the project
> during installation?
> [ ] Yes - ARC review required
> [ ] No
> [ ] N/A
>
> Are inbound network communications denied by default?
> [ ] Yes
> [ ] No - ARC review required
> [ ] N/A
>
> Is inbound data checked to prevent content-based attacks?
> [ ] Yes
> [ ] No - ARC review required
> [ ] N/A
>
> Is the outbound receiver authenticated?
> [ ] Yes
> [ ] No - ARC review required
> [ ] N/A
>
> Is the receiver authenticated prior to receiving any sensitive
> outbound communication?
> [ ] Yes
> [ ] No - ARC review required
> [ ] N/A
>
> 3.4.2 Authorization
> (see http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/
> and
> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
> and
> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
> for details)
> Are there any setuid/setgid privileged binaries in the project?
> [ ] Yes - ARC review required
> [X] No - continue with next section (section 3.4.3)
>
> If yes then are the setuid/setgid privileges handled by the
> use of roles?
> [ ] Yes
> [ ] No - ARC review required
>
> 3.4.3 Auditing
> (see http://opensolaris.org/os/community/arc/policies/audit-policy/
> for details)
> (see http://opensolaris.org/os/community/arc/caselog/2003/397
> for details)
> Does this component contain administrative or security
> enforcing software?
> [ ] Yes - ARC review required
> [X] No - continue to next section (section 3.4.4)
>
> (see http://opensolaris.org/os/community/arc/caselog/2003/397
> for details)
> Do the components create audit logs detailing what took place
> including what event
> took place, who was involved, when the event took place?
> [ ] Yes - ARC contract and Audit project team review required
> [ ] No - ARC review required
>
>
> 3.4.4 Authentication
> (see http://opensolaris.org/os/community/arc/policies/PAM/)
> Do the components contain any authentication code?
> [ ] Yes
> [X] No - continue to next section (section 3.4.5)
>
> If yes do the components use PAM (plugable authentication
> modules) for authentication?
> [ ] Yes
> [ ] No - ARC review required
>
> If yes is a single PAM session maintained during authentication?
> [ ] Yes
> [ ] No - ARC review required
>
> If yes are the components sufficiently privileged to allow the
> requested
> operations (authentication, password change, process
> credential manipulation,
> audit state initialization)?
> [ ] Yes - briefly describe below
> [ ] No - ARC review required
>
> 3.4.5 Passwords
> (see http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/
> and
> http://opensolaris.org/os/community/arc/bestpractices/passwords-files/
> for details)
> Do any of the components for the project deal with passwords?
> [X] Yes
> Eclipse now includes the "Secure storage" system. Â This is a new
> integrated framework intended for caching passwords
> [ ] No - continue to next section (section 3.4.6)
>
> If yes are these passwords entered via the CLI or environment?
> [ ] Yes - ARC review required
> [ ] No
>
> Are passwords stored within the file system for the component?
> [ ] Yes
> [ ] No - continue to next section (section 3.4.6)
>
> If yes are the permissions on the file such to protect
> exposing the password(s)?
> [ ] Yes
> [ ] No - ARC review required
>
> 3.4.6 General Security Questions
> (see http://opensolaris.org/os/community/arc/bestpractices/security-questions/
> for details)
> Are there any network protocols used by this project?
> [X] Yes
> [ ] No - continue with the next section (section 3.5)
>
> Do the components use standard network protocols?
> [X] Yes
> [ ] No - ARC review required
>
> Do network services for the project make decisions based upon
> user, host or
> service identities?
> [ ] Yes - explain below
> [X] No
> [ ] N/A
>
> Do the components make use of secret information during
> authentication and/or
> authorization?
> [ ] Yes - explain below
> [X] No
> [ ] N/A
>
> 3.5 Networking
> Do the components access the network?
> [X] Yes
> [ ] No - continue with the next section (section 3.6)
>
> If yes do the components support IPv6?
> [X] Yes
> [ ] No - ARC review required
>
> 3.6 Core Solaris Components
> Do the components of this project compete with or duplicate core
> Solaris components?
> [ ] Yes - ARC review required
> [X] No
>
> Examples of Core Solaris Components include but are not
> limited to:
>
> Secure By Default
> Authorizations
> PAM -- Plugable Authentication Module
> Privilege
> PRM -- Process Rights Management -- Privilege
> Audit
> xVm -- Virtualization
> zones / Solaris Containers
> PRM -- Process Rights Management
> RBAC -- Role Based Access Control
> TX / Trusted Extensions
> ZFS
> SMF -- Service Management Facility
> FMA -- Fault Management Architecture
> SCF -- Smart Card Facility
> IPsec
>
> 4.0 Interfaces
> (see http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/
> for details)
> 4.1 Exported Interfaces
>
> Interface Name Classification Comments
> --------------------------- -------------------
> ---------------------------
> eclipse Uncommitted Package
> /usr/eclipse Uncommitted Installation
> directory
> eclipse Uncommitted Commandline syntax
> SWT Uncommitted Library
> JUnit Uncommitted Java library
> Eclipse platform Uncommitted Set of Java
> libraries
>
> 4.2 Imported Interfaces
> Interface Name Classification Comments
> --------------------------- --------------------
> --------------------------
> j6dev Committed Package
> GTK ??? Library
>
>
> References:
>
> [1] http://www.eclipse.org
> [2] http://www.eclipse.org/downloads/packages/eclipse-ide-java-developers/ganymedesr1
>
>
> Michael Kearney
> Staff Software Engineer
>
> Sun Microsystems, Inc.
> MS UBRM05-390, 500 Eldorado Blvd
> Broomfield, CO 80021 US
> Phone 303-272-2402
> Fax 303-272-6554
> Email Michael.Kearney at Sun.COM
> <Michael_Kearney.vcf>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.opensolaris.org/pipermail/opensolaris-arc/attachments/20081104/a078546e/attachment.html>
More information about the opensolaris-arc
mailing list