** Description changed:
- TBC
+ [Availability]
+ The package libsass is already in Ubuntu universe.
+ The package libsass builds for the architectures it is designed to work on.
+ It currently builds and works for architectures: amd64, arm64, armhf, i386,
ppc64el, riscv64, s390x
+ Link to package https://launchpad.net/ubuntu/+source/libsass
+
+ [Rationale]
+ The package libsass is required in Ubuntu main because Horizon has switched
from Django-pyscss to libsass and its Python wrapper.
+ The package libsass will generally be useful for a large part of our user
base.
+ The package libsass is a new runtime dependency of package OpenStack Horizon
that we already support.
+ There is no other/better way to solve this that is already in main or should
go universe->main instead of this.
+ The binary package libsass needs to be in main as it is a new dependency for
OpenStack Horizon which is switching away from the previously used
django_pyscss.
+
+ The package libsass-python is required in Ubuntu main no later than
+ February 20, 2025 due to feature freeze.
+
+ [Security]
+ Had 39 security issues in the past
+ https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsass
+ https://ubuntu.com/security/cves?q=libsass
+ https://security-tracker.debian.org/tracker/source-package/libsass
+
+ Based on the Debian bug tracker, it appears most CVEs have been resolved
+ aside from 1 categorized under “Open unimportant issues” and 3 under
+ “Open issues” but fixed for Debian versions Trixie and Sid.
+
+ no `suid` or `sgid` binaries
+ no executables in `/sbin` and `/usr/sbin`
+ Package does not install services, timers or recurring jobs
+ Packages does not open privileged ports (ports < 1024).
+ Package does not expose any external endpoints
+ Packages does not contain extensions to security-sensitive software
+
+ [Quality assurance - function/usage]
+ The package works well right after install
+
+ [Quality assurance - maintenance]
+ The package is maintained well in Debian/Ubuntu/Upstream and does
+ not have too many, long-term & critical, open bugs (2 open as of Feb 3)
+ Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libsass/+bug
+ Debian: https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsass
+ GitHub Issues: https://github.com/sass/libsass/issues
+ The package has important open bugs, listing them:
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsass
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953415
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988884
+
+ The package does not deal with exotic hardware we cannot support
+
+ [Quality assurance - testing]
+ The package does not run a test at build time. It is currently an
ubuntu-openstack TODO to add. The upstream does contain a Makefile in the
‘test’ directory that can be invoked at build time.
+
+ The package runs an autopkgtest, and is currently passing on amd64,
+ arm64, armhf, i386, ppc64el, riscv64, and s390x architectures, link to
+ test logs: https://launchpad.net/ubuntu/+source/libsass/3.6.5+20231221-3
+
+ The package does have not failing autopkgtests right now.
+
+ [Quality assurance - packaging]
+ debian/watch is present and works
+ debian/control defines a correct Maintainer field (Debian Sass team
<[email protected]>)
+
+ This package does not yield massive lintian Warnings, Errors
+ Please link to a recent build log of the package:
https://launchpadlibrarian.net/706597691/buildlog_ubuntu-noble-amd64.libsass_3.6.5+20231221-3_BUILDING.txt.gz
+ Please attach the full output you have got from `lintian --pedantic` as an
extra post to this bug - no output generated on either binary package
+ Lintian overrides are present, but ok because they related to
copyright/license files:
+ ```
+ # License is in Reference field (see bug#786450)
+ missing-license-paragraph-in-dep5-copyright gpl-3\+ *
+ missing-license-text-in-dep5-copyright GPL-3\+ *
+ ```
+ This package does not rely on obsolete or about to be demoted packages.
+ This package has no python2 or GTK2 dependencies
+ The package will not be installed by default
+
+ Packaging and build is easy, link to debian/rules:
+ https://git.launchpad.net/ubuntu/+source/libsass/tree/debian/rules
+
+ [UI standards]
+ Application is not end-user facing (does not need translation)
+
+ [Dependencies]
+ No further depends or recommends dependencies that are not yet in main
+
+ [Standards compliance]
+ This package correctly follows FHS and Debian Policy
+
+ [Maintenance/Owner]
+ The owning team will be ubuntu-openstack and I have their acknowledgement for
that commitment.
+ The future owning team is already subscribed to the package.
+
+ This package generates a static file libsass.a. The team ubuntu-
+ openstack is aware of the implications by a static build and commits to
+ test no-change-rebuilds and to fix any issues found for the lifetime of
+ the release (including ESM)
+
+ This does not use vendored code
+ This package is not rust based
+
+ This package has not been built in the last 3 months. The last build was
December 30, 2023.
+ Build link on launchpad:
https://launchpad.net/ubuntu/+source/libsass/3.6.5+20231221-3
+
+ [Background information]
+ The Package description explains the package well
+ Upstream Name is libsass
+ Link to upstream project: https://github.com/sass/libsass
** Changed in: libsass (Ubuntu)
Assignee: Myles Penner (mylesjp) => (unassigned)
** Changed in: libsass (Ubuntu)
Status: In Progress => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2095582
Title:
[MIR] libsass
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libsass/+bug/2095582/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
