[Summary] While duplication usually is a reason to nack that is ok for this package that only has non-active code - if the Desktop Team wants to own it. They will own it that way for all the lifetime of Bionic anyway.
The process exists to ensure maintenance is doable and quality is ok, and here forcing the premature transition probably causes more fall-out than we gain by avoiding to maintain gsfonts + fonts-urw-base35 for now. @Desktop: But still, do yourself a favor and complete the transition in 20.10 to get rid of gsfonts some day. @Desktop - you need to add the package subscription, that isn't done yet. Other than that it is safe and well packaged. => MIR Team ack, no security review needed [Duplication] There is a problem with duplication here. I'm not a fonts expert so I beg your pardon if there are fine details that differ. But it seems that there are: - libgs9-common (src:ghostscript) - gsfonts - fonts-urw-base35 There is currently a transition from gsfonts -> fonts-urw-base35 happening. This is also reflected in what one can see in the archive. E.g. ghostscript does this transition and therefore is blocked atm. But gsfonts is in main still and I doubt we can make the transition complete in Focal. But this is a low effort maintenance package, I guess it is ok to have the Desktop Team own both in Focal without much drawback. gsfonts already is owned by Desktop. Adding fonts-urw-base35 while strictly speaking is a duplicate is ok as it has no active code and changes rarely. [Dependencies] OK: - no other dependencies from this package that need to be MIRed - no -dev/-debug/-doc packages with extra deps that would be auto-incldued that need exclusion later on promotion [Embedded sources and static linking] OK: - no embedded source present - no static linking [Security] OK: - history of CVEs does not look concerning (none) - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not parse data formats - does not open a port - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) => No security review needed [Common blockers] OK: - does not FTBFS currently - no translation present, but none needed for this case - not a python package, no extra constraints to consider int hat regard - It has no tests which usually is a blocker, but ok for a fonts package I'd think Problems: - Desktop isn't subscribed - it does need a team bug subscriber [Packaging red flags] OK: - Ubuntu does not carry a delta - symbols tracking not applicable for this kind of code. - d/watch is present and looks ok - Upstream update history is good - Debian/Ubuntu update history is good - the current release is packaged - promoting this does not seem to cause issues for MOTUs that so far maintained the package - no massive Lintian warnings - d/rules is rather clean - not using Built-Using [Upstream red flags] OK: - no Errors/warnings during the build - no incautious use of malloc/sprintf - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian, Ubuntu or Upstream - no dependency on webkit, qtwebkit, seed or libgoa-* - no embedded source copies - not part of the UI for extra checks (If this is a scope for the Unity Dash, does it honor the privacy settings?) ** Bug watch added: Debian Bug tracker #932897 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932897 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to ghostscript in Ubuntu. https://bugs.launchpad.net/bugs/1862048 Title: [MIR] fonts-urw-base35 Status in fonts-urw-base35 package in Ubuntu: New Status in ghostscript package in Ubuntu: New Bug description: Availability: The package is in Universe and it has no known build issues in the curremt version. It is a pure data package without any executable code inside and so nothing to compile. Therefore it is architecture independent. Rationale: This package is needed by the current Debian package of Ghostscript (9.50) which I have synced into Ubuntu. Security: As this package does not contain executable code (it contains only fonts and therefore only data) there should be no security risk being introduced by it. Quality assurance: There is no user interaction required to use this package. It will get pulled in by Ghostscript via dependency and provide the 35 PostScript standard fonts needed by Ghostscript. It comes with all needed metadata and configuration files so that Ghostscript actually finds the fonts. As this is only a font collection there is no user interface. The package also does not contain any debconf questions. The upstream package comes from Artifex, the upstream maintainers Ghostscript. Therefore it should be as well maintained as Ghostscript itself. There are regularly happening updates at Debian and Ubuntu simply auto-syncs. The package has no test suite, but it is nothing more than a collection of fonts. debian/watch is present. This package does not depend on any other package, so it cannot pull in anything deprecated or from Universe. Standards compliance: The package should meet the FHS and Debian Policy standards. Major violations should be documented and justified. Also, the source packaging should be reasonably easy to understand and maintain. Maintenance: The Ubuntu Printing Team is subscribed to bug reports on this package. As mentioned earlier this package is auto-synced from Debian and there well maintained. Currently there are no open bugs. Background information: The package is well described in its description. Security checks No known CVE entries, but as this package contains only fonts we do not expect any vulnerabilities. No executables, so also no SUID/GUID, daemons, startup scripts, port bindings. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fonts-urw-base35/+bug/1862048/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
