I certainly can't see this as a small and easy package to maintain in
general. Fortunately, right now it is in sync with Debian, but it's a
pretty big codebase. Any issues that might come up, especially security
issues, might be effort-intensive, though at a quick glance I didn't
notice anything sensitive popping up -- that said, I only did a quick
review of the code -- there's some 260 files of source code.

There don't appear to be open CVEs; the packaging quality is as one
would expect.

There appear to be test sources at least for libspa, but those do not
seem to get run by the upstream build process when running 'make check'.

Do you need all the binaries in main? You do mention "not
libspa-ffmpeg", but what of the other binaries? If this is just for the
pipewire binary itself, then it would only require libpipewire-0.2-1 and
pipewire.

Assigning to Security Team for a code review.

** Changed in: pipewire (Ubuntu)
     Assignee: Mathieu Trudel-Lapierre (cyphermox) => Ubuntu Security Team (ubuntu-security)

** Changed in: pipewire (Ubuntu)
       Status: In Progress => Triaged

https://bugs.launchpad.net/bugs/1802533

Title:
  [MIR] pipewire
