Bug#772823: ITP: kimchi -- HTML5 baseITP: kimchi -- HTML5 based management tool for KVM.d management tool for KVM.

[Frederic Bonnard <frediz@linux.vnet.ibm.com>]

Thank you Julien for looking at this and already filing bugs upstream.
I've uploaded a new package for 1.4.0 with a batch of small fixes (issues from
you, misc I found and from lintian) :
http://mentors.debian.net/package/kimchi

About what you pointed out that has no bug opened yet, I forwarded that to
a kimchi dev (maybe I should have done that publicly on the mailing list).
Here is what I gathered here and forwarded :
---
[X] "1. It appears this package is missing a dependency on libvirt-bin" : updated in
    the updated package 1.4.0 that I did
[ ] "2. Please make use of nginx proxy optional (and drop dependency down to
    recommends), I'm aware this will require changes to kimchi to add an option" : bug #570 reported upstream
[ ] "3. Websocksify listens on IPv4 only, this will be unreliable for people
    who have both v4 & v6 in DNS, and break for any v6 only users" : no bug so far : I checked
    kimchi for configuration options but that seems to be changed deeper. Should I
    file a bug for this one ?
[X] "4. Missing a short description for the package, the first line of the long
    description is getting used." : updated in my 1.4.0 packaging
[X] "5. I hit the gettext issue mentioned in:
    http://lists.ovirt.org/pipermail/kimchi-devel/2014-November/008801.html
    However, this appears to be fixed at head." : OK
[ ] "6. I don't see a pam service being created for kimchi, nor an obvious way
    to restrict who has rights to login. (Upstream bug #571 filed)
    A sensible default would probably be members of the libvirt group."
    I need to look into that. Actually in our lab we avoided use of kimchi because we
    felt it was not well suited at the moment for fine grained access rights.
    If I'm right, a user that can login to the machine (pam) as access to kimchi and
    also access to firmware updating tabs. Did we miss something on that ?
    What's your opinion on Julien's point ?
[X] "8. /robots.txt is missing.  (Patch sent)"
[X] "9. A new upstream version (1.4) has been released, so would like to see a
    package update."
---

About kimchi login rights, atm, authentication relies on system login with
pam, meaning that any user on the system has access to kimchi. I'm going to
look into that on the packaging side while waiting for kimchi devs opinion.

Fred.

On Sat, 17 Jan 2015 15:04:33 +1300, Julien Goodwin <jgoodwin@studio442.com.au> wrote:
> I filed an upstream bug (#570) to make nginx optional as I mentioned in
> my last mail.
> 
> Missing a short description for the package, the first line of the long
> description is getting used.
> 
> I hit the gettext issue mentioned in:
> http://lists.ovirt.org/pipermail/kimchi-devel/2014-November/008801.html
> 
> However, this appears to be fixed at head.
> 
> I don't see a pam service being created for kimchi, nor an obvious way
> to restrict who has rights to login. (Upstream bug #571 filed)
> 
> A sensible default would probably be members of the libvirt group.
> 
> /robots.txt is missing.  (Patch sent)
> 
> A new upstream version (1.4) has been released, so would like to see a
> package update.
> 
>