wxWidgets: Cross-Platform GUI Library [LSARC/2008/476 FastTrack timeout 08/01/2008]
James Gates
james.gates at sun.com
Tue Sep 2 09:59:15 PDT 2008
This case was today closed approved.
There were some concerns (from Brian Cameron) regarding accessibility and full
section 508 compliance. These are now resolved - A waiver to integrate was
granted by Michele Budris based on a commitment from the project team to work
with wxWidgets community to provide the support for missing a11y features. The
project team now intend to integrate in snv_100.
James Gates wrote:
> I'm sponsoring this case for Mayuresh Nirhali and Alfred Peng. Timeout
> is set for Friday 1st Aug. The onepager & interfaces.txt files are
> available in the case materials directory.
>
> The (attached) proposal is the completed FOSS checklist. No questions
> resulted in "ARC review required", but because of Brian Cameron's recent
> statement re. accessibility, I think it should be reviewed.
>
> But I do recall during the ARC[1] case for pgAdmin (which uses
> wxWidgets/GTK+) we discussed accessibility and it was determined that
> wxWidgets was section 508 compliant. Do we need to check this again?
>
> [1] http://sac.sfbay/LSARC/2006/644/
>
>
> James Gates wrote:
>
>> Template Version: @(#)sac_nextcase 1.66 04/17/08 SMI
>> This information is Copyright 2008 Sun Microsystems
>> 1. Introduction
>> 1.1. Project/Component Working Name:
>> wxWidgets: Cross-Platform GUI Library
>> 1.2. Name of Document Author/Supplier:
>> Author: Mayuresh Nirhali
>> 1.3 Date of This Document:
>> 25 July, 2008
>> 4. Technical Description
>> 1.0 Project Information
>> 1.1 Name of project/component
>> wxWidgets: Cross-Platform GUI Library
>>
>> 1.2 Author of document
>> Mayuresh Nirhali
>>
>> 2.0 Project Summary
>> 2.1 Project Description
>>
>> wxWidgets provides a single,
>> easy-to-use API for writing GUI applications on multiple
>> platforms
>> that still utilize the native platform's controls and utilities.
>> On top of great GUI functionality, wxWidgets provides: online
>> help,
>> network programming, streams, clipboard and drag and drop,
>> multithreading, image loading and saving in a variety of popular
>> formats, database support, HTML viewing and printing, and much
>> much
>> more.
>>
>> Please note that WxWidgets version 2.8.8 already exists in
>> OpenSolaris
>> today, but it is statically linked with pgAdmin3 (LSARC/2006/644 -
>> PostgreSQL database adiministration GUI tool). The scope of this ARC
>> case is only to expose wxWidgets as a shared library to other Solaris
>> components, such as FileZilla.
>>
>> 2.2 Release binding
>> What is is the release binding?
>> (see
>> http://opensolaris.org/os/community/arc/policies/release-taxonomy/)
>> [ ] Major
>> [ ] Minor
>> [X] Patch or Micro
>> [ ] Unknown -- ARC review required
>>
>> 2.3 Type of project
>> Is this case a Linux Familiarity project?
>> [X] Yes
>> [ ] No
>>
>> 2.4 Originating Community
>> 2.4.1 Community Name
>> http://www.wxwidgets.org/
>> 2.4.2 Community Involvement
>> Indicate Sun's involvement in the community
>> [ ] Maintainer
>> [ ] Contributor
>> [X] Monitoring
>> Will the project team work with the upstream community to
>> resolve
>> architectural issues of interest to Sun?
>> [X] Yes [ ] No - briefly explain
>> Will we or are we forking from the community?
>> [ ] Yes - ARC review required prior to forking
>> [X] No
>> 3.0 Technical Description
>> 3.1 Installation & Sharable
>> 3.1.1S Solaris Installation - section only required for Solaris
>> Software
>> (see
>> http://opensolaris.org/os/community/arc/policies/install-locations/
>> for details)
>> Does this project follow the Install Locations best practice?
>> [X] Yes [ ] No - ARC review required
>> Does this project install into /usr under
>> [sbin|bin|lib|include|man|share]?
>> [X] Yes
>> [ ] No or N/A
>> Does this project install into /opt?
>> [ ] Yes - explain below
>> [X] No or N/A
>> Does this project install into a different directory
>> structure?
>> [ ] Yes - ARC review required
>> [X] No or N/A
>> Do any of the components of this project conflict with
>> anything under /usr?
>> (see http://opensolaris.org/os/community/arc/caselog/2007/047/
>> for details)
>> [ ] Yes - explain below
>> [X] No
>> If conflicts exist then will this project install under
>> /usr/gnu?
>> [ ] Yes
>> [ ] No - ARC review required
>> [X] N/A
>> Is this project installing into /usr/sfw?
>> [ ] Yes - ARC review required
>> [X] No
>>
>> 3.2 Exported Libraries
>> Are libraries being delivered by this project?
>> [X] Yes
>> [] No - continue with next section (section 3.3)
>> Are 64-bit versions of the libraries being delivered?
>> [X] Yes
>> [ ] No - ARC review required
>> Are static versions of the libraries being delivered?
>> [ ] Yes - ARC review required
>> [X] No 3.3 Services and the /etc Directory
>> (see http://opensolaris.org/os/community/arc/policies/SMF-policy/)
>> Does the project integrate anything into /etc/init.d or /etc/rc?.d?
>> [ ] Yes - ARC review required
>> [X] No
>> Does the project integrate any new entries into
>> /etc/inittab or
>> /etc/inetd.conf?
>> [ ] Yes - ARC review required
>> [X] No
>> Does the project integrate any private non-public files
>> into /etc/default
>> or /etc/ configuration files?
>> [ ] Yes - ARC review required
>> [X] No
>> Does the service manifests method context grant rights
>> above that
>> of the noaccess user and basic privilege set?
>> [ ] Yes - ARC review required
>> [X] No
>> 3.4 Security
>> 3.4.1 Secure By Default (see
>> http://opensolaris.org/os/community/arc/policies/secure-by-default/
>> for details)
>> (see
>> http://www.opensolaris.org/os/community/arc/policies/NITS-policy/ for
>> details)
>> (see parts of
>> http://opensolaris.org/os/community/arc/policies/SMF-policy/ for
>> addtional details)
>> Are there any network services provided by this project?
>> [ ] Yes
>> [X] No - continue with the next section (section 3.4.2)
>> Are network services enabled by default?
>> [ ] Yes - ARC review required
>> [ ] No
>> [X] N/A
>> Are network services automatically enabled by the project
>> during installation?
>> [ ] Yes - ARC review required
>> [ ] No
>> [X] N/A
>> Are inbound network communications denied by default?
>> [ ] Yes
>> [ ] No - ARC review required
>> [X] N/A
>> Is inbound data checked to prevent content-based attacks?
>> [ ] Yes
>> [ ] No - ARC review required
>> [X] N/A
>> Is the outbound receiver authenticated?
>> [ ] Yes
>> [ ] No - ARC review required
>> [X] N/A
>> Is the receiver authenticated prior to receiving any
>> sensitive outbound communication?
>> [ ] Yes
>> [ ] No - ARC review required
>> [X] N/A
>> 3.4.2 Authorization
>> (see
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/ and
>>
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ and
>>
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
>> for details)
>> Are there any setuid/setgid privileged binaries in the project?
>> [ ] Yes - ARC review required
>> [X] No - continue with next section (section 3.4.3)
>> If yes then are the setuid/setgid privileges handled by
>> the use of roles?
>> [ ] Yes
>> [ ] No - ARC review required
>>
>> 3.4.3 Auditing
>> (see
>> http://opensolaris.org/os/community/arc/policies/audit-policy/ for
>> details)
>> (see http://opensolaris.org/os/community/arc/caselog/2003/397
>> for details)
>> Does this component contain administrative or security enforcing
>> software?
>> [ ] Yes - ARC review required
>> [X] No - continue to next section (section 3.4.4)
>> (see
>> http://opensolaris.org/os/community/arc/caselog/2003/397 for details)
>> Do the components create audit logs detailing what took place
>> including what event
>> took place, who was involved, when the event took place?
>> [ ] Yes - ARC contract and Audit project team review required
>> [ ] No - ARC review required
>> 3.4.4 Authentication
>> (see http://opensolaris.org/os/community/arc/policies/PAM/)
>> Do the components contain any authentication code?
>> [ ] Yes
>> [X] No - continue to next section (section 3.4.5)
>> If yes do the components use PAM (plugable authentication
>> modules) for authentication?
>> [ ] Yes
>> [ ] No - ARC review required
>> If yes is a single PAM session maintained during
>> authentication?
>> [ ] Yes
>> [ ] No - ARC review required
>> If yes are the components sufficiently privileged to allow
>> the requested operations (authentication, password change,
>> process credential manipulation, audit state initialization)?
>> [ ] Yes - briefly describe below
>> [ ] No - ARC review required
>> 3.4.5 Passwords
>> (see
>> http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/ and
>>
>> http://opensolaris.org/os/community/arc/bestpractices/passwords-files/
>> for details)
>> Do any of the components for the project deal with passwords?
>> [ ] Yes
>> [X] No - continue to next section (section 3.4.6)
>> If yes are these passwords entered via the CLI or
>> environment?
>> [ ] Yes - ARC review required
>> [ ] No
>> Are passwords stored within the file system for the
>> component?
>> [ ] Yes
>> [ ] No - continue to next section (section 3.4.6)
>> If yes are the permissions on the file such to protect
>> exposing the password(s)?
>> [ ] Yes
>> [ ] No - ARC review required
>> 3.4.6 General Security Questions
>> (see
>> http://opensolaris.org/os/community/arc/bestpractices/security-questions/
>> for details)
>> Are there any network protocols used by this project?
>> [ ] Yes
>> [X] No - continue with the next section (section 3.5)
>> Do the components use standard network protocols?
>> [ ] Yes
>> [ ] No - ARC review required
>> Do network services for the project make decisions based
>> upon user, host or service identities?
>> [ ] Yes - explain below
>> [ ] No
>> [X] N/A
>> Do the components make use of secret information during
>> authentication and/or
>> authorization?
>> [ ] Yes - explain below
>> [ ] No
>> [X] N/A
>> 3.5 Networking
>> Do the components access the network?
>> [ ] Yes
>> [X] No - continue with the next section (section 3.6)
>> If yes do the components support IPv6?
>> [ ] Yes [ ] No - ARC review required
>> 3.6 Core Solaris Components
>> Do the components of this project compete with or duplicate core
>> Solaris components?
>> [ ] Yes - ARC review required
>> [X] No Examples of Core Solaris Components include
>> but are not limited to:
>> Secure By Default
>> Authorizations
>> PAM -- Plugable Authentication Module
>> Privilege
>> PRM -- Process Rights Management -- Privilege
>> Audit
>> xVm -- Virtualization
>> zones / Solaris Containers
>> PRM -- Process Rights Management
>> RBAC -- Role Based Access Control
>> TX / Trusted Extensions
>> ZFS
>> SMF -- Service Management Facility
>> FMA -- Fault Management Architecture
>> SCF -- Smart Card Facility
>> IPsec
>> 4.0 Interfaces
>> (see
>> http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/
>> for details)
>> 4.1 Exported Interfaces
>>
>> See file interfaces.txt in case materials directory
>>
>> Brief Interface Classifications - See Appendix C for
>> definitions
>> Volatile - interfaces are fluid and will follow a rapidly changing
>> community
>> Uncommitted - interfaces are still evolving in the community and
>> might follow
>> the community
>> Committed - interfaces are stable in the community
>> Project Private - no review required, just document in table
>> Contracted (interface modifier) - further review required
>>
>> Appendix A - References
>> 1. Solaris Installation Locations Policy
>> http://opensolaris.org/os/community/arc/policies/install-locations/
>> 2. /usr/gnu Installation ARC case
>> http://opensolaris.org/os/community/arc/caselog/2007/047/
>> 3. Secure By Default Policy
>> http://opensolaris.org/os/community/arc/policies/secure-by-default/
>> 4. Network Install Time Securityuy Policy
>> http://www.opensolaris.org/os/community/arc/policies/NITS-policy/
>> 5. Adding RBAC Authorizations Policy
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-auths/
>> 6. When to use setuid -vs- RBAC roles and profiles
>>
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/ and
>> 7. Building RBAC Rights Profiles
>>
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
>> 8. Solaris Audit Policy
>> http://opensolaris.org/os/community/arc/policies/audit-policy/
>> 9. Security questionaire
>>
>> http://opensolaris.org/os/community/arc/bestpractices/security-questions/
>> 10. Interface Taxonomy
>>
>> http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/
>> 11. Plugable Authentication Modules -- PAM
>> http://opensolaris.org/os/community/arc/policies/PAM/
>> 12. Reusable Passwords In Command Line Arguments and Environment
>> Variables
>>
>> http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/
>> 13. Storing Reusable Passwords on a Filesystem
>>
>> http://opensolaris.org/os/community/arc/bestpractices/passwords-files/
>> 14. Release Taxonomy
>> http://opensolaris.org/os/community/arc/policies/release-taxonomy/
>> 15. Service Management Facility (SMF) usage
>> http://opensolaris.org/os/community/arc/policies/SMF-policy/
>>
>> Appendix B - Suggested case materials
>> 1. man pages
>> 2. SMF manifests
>> 3. links to contracts
>> Appendix C - Definitions
>> Submitter
>> an agent responsible for creation of an ARC project along with the
>> materials describing that project.
>> Owner
>> the ARC agent responsible for shepherding the case through review
>> and ensuring a formal opinion is written where required.
>> Maintainer
>> an agent responsible for releasing new versions of a program,
>> typically
>> the "main" contributor or person incharge of making Architectural
>> decisions for the project
>> Contributor
>> an agent who make contributions to a project, typically has a
>> voice in
>> making Architectural decisions for the project
>> Monitoring
>> an agent who is only following the changes made in the community and
>> has no Architectural input into the project
>> Volatile*
>> interfaces that are very fluid and typically follow the
>> originating community. Typically these interfaces can not be
>> imported by other
>> projects.
>> Uncommitted*
>> interfaces that are still evolving but will most likely be present
>> from
>> release to release.
>> Committed*
>> interfaces that are stable and with Sun guaranteeing some level of
>> compatibility from release to release.
>> Project Private*
>> interfaces that are exposed only to or intended to be used only by
>> the project being reviewed. These interfaces can not be imported by
>> other projects.
>> Not-An-Interface*
>> components that are not interfaces.
>> Contracted* (interface modifier) - ARC review of Contract required
>> interfaces that do not allow another project to import can be
>> *Note: see
>> http://opensolaris.org/os/community/arc/policies/interface-taxonomy/
>> for details
>>
>> 6. Resources and Schedule
>> 6.4. Steering Committee requested information
>> 6.4.1. Consolidation C-team Name:
>> SFW
>> 6.5. ARC review type: FastTrack
>> 6.6. ARC Exposure: open
>>
>
--
Jim Gates Sun Microsystems
Nashua, NH, USA http://sun.com/postgresql
More information about the opensolaris-arc
mailing list