I reviewed python-octavia-lib 2.2.0-0ubuntu1 as checked into groovy.
This shouldn't be considered a full audit but rather a quick gauge of
maintainability.

python-octavia-lib is a python3 library for developers writing Octavia
load balancer provider drivers.

- No CVE history.
- No concerning build or runtime depends.
- Only autogenerated maintainer scripts for removing python compiled
  bytecode.
- No init scripts.
- No systemd units.
- No dbus services.
- No setuid binaries.
- No binaries in PATH.
- No sudo fragments.
- No polkit files.
- No udev rules.
- Some unit tests, run at build time. No autopkgtests.
- No cron jobs.
- Build log is okay, no lintian warnings or errors.

- No apparent processes spawned.
- Limited file IO. Uses AF_UNIX sockets to communicate with driver
  agents.
- No apparent logging.
- No apparent environment variable usage.
- No use of privileged functions.
- Cryptography: allows use of SSLv3 for pools and listeners.
- No apparent use of temp files.
- No use of WebKit.
- No use of PolicyKit.

- No Coverity findings.
- No significant bandit results.

Security team ACK for promoting python-octavia-lib to main.


** Tags added: security-review-done

** Changed in: python-octavia-lib (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1864666

Title:
  [MIR] python-octavia-lib, ovn-octavia-provider

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ovn-octavia-provider/+bug/1864666/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
