python-tempora: [Summary] Looks OK from my perspective for promotion to main and no security review needed.
Would be nice to see the most recent upstream release but I don't consider this a blocker for promotion. +1 from MIR team. [Duplication] OK: - There is no other package in main providing the same functionality. [Dependencies] OK: - All covered on this MIR bug. [Embedded sources and static linking] OK: - no embedded source present - no static linking [Security] OK: - no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco) - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not parse data formats - does not open a port - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) [Common blockers] OK: - does not FTBFS currently - does have a test suite that runs at build time - test suite fails will fail the build upon error. - does have a test suite that runs as autopkgtest - The package has a team bug subscriber - no translation present, but none needed for this case - no new python2 dependency - Python package that is using dh_python [Packaging red flags] OK: - Ubuntu does not carry a delta - symbols tracking not applicable for this kind of code. - d/watch is present and looks ok - Upstream update history is good - Relatively new package so no update history - the current release is not packaged (2.1.1 vs 4.0.2) - promoting this does not seem to cause issues for MOTUs that so far maintained the package - no massive Lintian warnings - d/rules is rather clean - Does not have Built-Using Recommendation: - Bump package version to most recent upstream release (not a blocker). [Upstream red flags] OK: - no Errors/warnings during the build - no incautious use of malloc/sprintf (as far as I can check it) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream - no dependency on webkit, qtwebkit, seed or libgoa-* - not part of the UI for extra checks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1930111 Title: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jaraco.classes/+bug/1930111/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
