Thanks Matthias! On Tue, Jan 10, 2017 at 1:43 AM, Matthias Klose <d...@ubuntu.com> wrote:
> Override component to main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty: universe/utils -> main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty amd64: universe/utils/optional/100% > -> main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty arm64: universe/utils/optional/100% > -> main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty armhf: universe/utils/optional/100% > -> main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty i386: universe/utils/optional/100% > -> main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty powerpc: > universe/utils/optional/100% -> main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty ppc64el: > universe/utils/optional/100% -> main > xdelta3 3.0.11-dfsg-1ubuntu1 in zesty s390x: universe/utils/optional/100% > -> main > 8 publications overridden. > > > ** Changed in: xdelta3 (Ubuntu) > Status: New => Fix Released > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1647222 > > Title: > [MIR] xdelta3 > > Status in xdelta3 package in Ubuntu: > Fix Released > > Bug description: > MIR for xdelta3 > > > This is a request to include the xdelta3 package in Ubuntu main. > > See below for point-for-point discussion of the items listed at: > https://wiki.ubuntu.com/UbuntuMainInclusionRequirements > > [Availability] > > Ubuntu Zesty contains xdelta 3.0.11-dfsg-1 in universe. > > [Rationale] > > xdelta3 is required for the 'download delta' feature in snapd. This > allows > users to save a considerable amount of bandwidth when downloading > updates for > installed snap packages. The code has all landed in snapd behind a > feature flag, > but cannot be turned on by default until xdelta3 is in main, so snapd > can depend > on xdelta3. > > [Security] > > There was one CVE files against xdelta3 that I could find: > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9765 > > The xdelta3 package installs a single binary (/usr/bin/xdelta3) which is > not > suid or sgid. > > [Quality assurance] > > - The xdelta3 package requires no configuration after installation. > > - As far as I can tell, the package asks no debconf questions of any > priority. > > - There are 90 open issues in the upstream bugtracker: > https://github.com/jmacd/xdelta/issues > > - I've scanned the issue list, and while a few issues may impact Ubuntu > users > using xdelta3, none of them seem serious enough to warrant exclusion > from main > in my opinion (but what do I know - that's for someone else to > determine). > > - The debian bug tracker contains security bug: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814067 > > However this is fixed in the upstream release that's in zesty, and I > can see a > distropatch in the version that's in Xenial (I'm assuming it's been > fixed in > yakkety as well). > > - The debian package is maintained by 'A Mennucc1', see: > https://packages.qa.debian.org/x/xdelta3.html > > - The xdelta3 packages does not require any exotic hardware. > > - I'm honestly not sure if the upstream test suite is run during the > package > build. I see no explicit test runs in debian/rules, but there is a > 'check' > make target, so perhaps that's invoked by default? > > - The package contains a debain/watch file. > > [UI Standards] > > The xdelta3 package ships command line utilities, so I think it's except > from > the requirements of this section. > > [Dependencies] > > The two dependencies of xdelta3 (libc6 and liblzma5) are both already > in main. > > [Standards Compliance] > > Since xdelta3 is already in debian, I can only assume that it conforms > to the > related standards. > > [Maintenance] > > I think xdelta3 is relatively stable software, and the debian > maintenance seems > adequate to me to minimise the amount of work we need to do to keep this > package > in main. > > [Background Information] > > The xdelta3 package description contains a basic useful description of > the > purpose of the package. The motivation behind this MIR is described in > the > 'rationale' section of this bug report. > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/xdelta3/+bug/ > 1647222/+subscriptions > -- Thomi Richards thomi.richa...@canonical.com ** Bug watch added: Debian Bug tracker #814067 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814067 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-9765 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1647222 Title: [MIR] xdelta3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xdelta3/+bug/1647222/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs