I reviewed python-octavia-lib 2.2.0-0ubuntu1 as checked into groovy. This shouldn't be considered a full audit but rather a quick gauge of maintainability.
python-octavia-lib is a python3 library for developers writing Octavia load balancer provider drivers. - No CVE history. - No concerning build or runtime depends. - Only autogenerated maintainer scripts for removing python compiled bytecode. - No init scripts. - No systemd units. - No dbus services. - No setuid binaries. - No binaries in PATH. - No sudo fragments. - No polkit files. - No udev rules. - Some unit tests, run at build time. No autopkgtests. - No cron jobs. - Build log is okay, no lintian warnings or errors.: - No apparent processes spawned. - Limited file IO. Uses AF_UNIX sockets to communicate with driver agents. - No apparent logging. - No apparent environment variable usage. - No use of privileged functions. - Cryptography: allows use of SSLv3 for pools and listeners. - No apparent use of temp files. - No use of WebKit. - No use of PolicyKit. - No Coverity findings. - No significant bandit results. Security team ACK for promoting python-octavia-lib to main. ** Tags added: security-review-done ** Changed in: python-octavia-lib (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1864666 Title: [MIR] python-octavia-lib, ovn-octavia-provider To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ovn-octavia-provider/+bug/1864666/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs