[Summary]
This is a small, simple and well done package.
It doesn't do a lot, but that which it does it does well.
MIR Team Ack to promote this.
This does not need a security review.

List of specific binary packages to be promoted to main: prips

Please do the seed/packaging changes that will pull this into main and
then set the state to "Fix Committed" for the AAs to see it.

[Duplication]
There are a few tools that do rather similar tasks e.g. ipcalc.
But none is in main already. I've had utkarsh check for e.g. existing
python modules in main that do the very same, but there was nothing usable
in the same scope as it is needed.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (e.g., pam), etc.

Problems:
- does parse data formats, but not on a port, rpc call or anything like it.
  But only if called locally and not at elevated privileges. If an attacker
  can run binaries here already he does not need prips to do more.

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite failures will fail the build upon error.
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber (I've subscribed us just now)
- no translation present, but none needed for this case (user visible)?
- not a python/go package, no extra constraints to consider in that regard
- no new python2 dependency

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is slow but due to being stable and not having
  feature creep
- Debian/Ubuntu update history is slow
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- is not on the lto-disabled list

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

** Changed in: prips (Ubuntu)
     Assignee: Christian Ehrhardt  (paelzer) => (unassigned)

** Changed in: prips (Ubuntu)
       Status: New => In Progress

** Changed in: prips (Ubuntu)
     Assignee: (unassigned) => Utkarsh Gupta (utkarsh)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930207

Title:
  [MIR] prips package

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/prips/+bug/1930207/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
