** Attachment added: "Coverity results" https://bugs.launchpad.net/ubuntu/+source/libpgm/+bug/1820203/+attachment/5270475/+files/coverity.txt
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libpgm in Ubuntu. https://bugs.launchpad.net/bugs/1820203 Title: [MIR] libpgm as dependency of mailman3 Status in libpgm package in Ubuntu: New Bug description: [Availability] The package is already universe for quite a while and build/works fine so far. It is for example already used for https://lists.canonical.com/mailman3/postorius/lists/ OTOH it is a library that can/could be used for much more than just the mailman3 stack. It builds on all architectures (arch:any) [Security] No known CVEs found. The protocol had some issues a few years ago and related issues in Cisco/Microsoft products, but I found no open issues in the package. => https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=pgm [Quality assurance] As part of the mailman3 stacks as of now (Disco) this installs fine and works fine. On itself it is useful to (many) other dependencies and does not need a post install configuration on its own. The package does not ask debconf questions. One known bug in each of Ubuntu and Debian. - The Ubunut bug is outdated and should be ok with 5.2 which we have. - The Debian bug is only important for solaris builds Upstream has 16 open and 27 closed issues - nothing very severe for our intentions. The package seems get updates by Debian as needed. But upstream seems to have stopped releasing after 2012. => https://github.com/steve-o/openpgm/releases After talking with one of the uploaders it became clear that they still work on master and fixes can be pulled from there as needed. https://github.com/steve-o/openpgm/commits/master No exotic HW involved. There are some tests in ./openpgm/pgm/test/ and ./openpgm/pgm/*_unittest.c but dh_auto_test isn't catching them. OTOH I can't even guarantee they would be usable, but TL;DR no build time tests run. d/watch is set up and ok. gNo Lintian warning except newer Standards/Compat versions and no HTTPS links uses or GPG checks - nothing severe. The package does not rely on demoted or obsolete packages. The Scons build system is a pain, but it seems to work as packaged by Debian so no complains. No new gt2k dependencies As mentioned the package itself might be abandoned/orphaned by upstream [UI standards] It uses i18n from gi18n-lib to provide the infrastructure, but I found no translations so far. But that is ok as this is a low level library without (a lot) of user visible strings - no translations (needed). No End-user applications that needs a standard conformant desktop file. [Dependencies] Some dependencies are not in main, but we drive MIR for all related packages that are not in main at the same time. Please check the list of bugs from the main Mailman3 MIR in bug 1775427 to get an overview. [Standards compliance] The package meets the FHS and Debian Policy standards. The packaging itself is very straight forward and uses dh_* as much as possible - the d/rules fits on one screen. [Maintenance] The Server team will subscribe for the package for maintenance, but in general it seems low on updates and currently is a sync from Debian. [Background] The package description explains the general purpose and context of the package well. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpgm/+bug/1820203/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
