You have been subscribed to a public bug by James Page (james-page): >> mongodb <<
Availability: In universe for several releases. Rationale: Preferred data storage platform for Ceilometer (core OpenStack project) and a key component juju-core. Security: Two security issues, both resolved upstream. native helper security issue only impacts earlier versions of MongoDB - 2.4.x uses libv8 instead of spidermonkey and does not have this function. QA: Works out-of-the-box from packaging. Package ships a test suite (smoke) which is executed on all target platforms. Generally well maintained in Debian and in Ubuntu (server team). Issue with OpenSSL license compatibility needs to be resolved (upstream working on this). Dependencies: All in main aside from libv8, snowball and gyp Maintenance: Upstream push out minor point releases for bug fixes (MRE will be applied for). Packaging generally in good shape aside from static linking of client binaries (being worked on in Debian). >> libv8 << Availability: In universe for several releases. Rationale: Dependency for MongoDB embedded scripting engine. Security: Lots of CVE's: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=v8 I suspect that alot of these relate to the use of v8 in Chrome. However as this is a core component of chrome, we can reasonably expect Google to be responsive to security issues in the future. QA: Package works. Regression tests executed during package build. Dependencies: Use gyp for build system. Maintenance: Well maintained in Debian (supports nodejs as well). >> gyp << Availability: In universe. Rationale: Build dependency for libv8 Security: No CVE's found QA: Works from packaging, test suite present but not executed during build. Dependencies: All in main Maintenance: Until recently not that well maintained in Debian; however nodejs maintainer seems to be picking things up now (see version in saucy which refreshed the package considerably). >> snowball << Availability: In universe. Rationale: libstemmer is a build and runtime dependency for mongodb > 2.4 Security: No CVE's found QA: Packaging generally looks good - multi-arched. Unit test suite executed during package build process. Dependencies: All in main. Maintenance: Debian and Ubuntu hold a pre-release snapshot; not much activity in the last 18 months. Background information: libstemmer provides algorithmic stemmer functions for building natural language search functions. ** Affects: gyp (Ubuntu) Importance: High Status: New ** Affects: libv8 (Ubuntu) Importance: High Status: New ** Affects: mongodb (Ubuntu) Importance: High Status: New ** Affects: snowball (Ubuntu) Importance: High Status: New -- [MIR] mongodb, libv8, snowball, gyp https://bugs.launchpad.net/bugs/1187262 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to the bug report. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
