[Summary]
This package is safe to include in main.
This does need a security review, so I'll assign ubuntu-security.
List of specific binary packages to be promoted to main:
  * ftdi-eeprom
  * libftdi1-2
  * libftdi1-dev
  * libftdi1-doc
  * libftdipp1-3
  * libftdipp1-dev
  * python3-ftdi1

[Duplication]
OK: There is no other package in main providing the same functionality.

[Dependencies]
OK: All binary dependencies not in main are built by this package

[Embedded sources and static linking]
OK: none

[Security]
OK:
- no CVEs
- does not run a daemon
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (e.g., pam, etc.)
Problems:
- Needs review due to the nature of the package
- does parse data formats
- The FTDI devices can be used for many security-relevant purposes.
    For example, flashrom makes use of FTDI devices in some cases to flash chips.
    This happens at the highest possible security levels.


[Common blockers]
OK:
- Does not FTBFS
- Added foundations-bugs as a bug subscriber
- no translation needed
- not a python or go package
- has test suites that run at build time and as autopkgtest

[Packaging red flags]
OK:
Upstream update history is slow, but not unreasonably so. A new version was released last July.

[Upstream red flags]
OK:

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1912371

Title:
  [MIR] flashrom + libftdi

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/flashrom/+bug/1912371/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
