Public bug reported: The Tracker developers have renamed Tracker to TinySPARQL. We have packaged the latest version with the source package tinysparql and will remove the source package tracker after tinysparql migrates out of plucky-proposed.
[Availability] The package tinysparql is already in Ubuntu universe. The package tinysparql build for the architectures it is designed to work on. It currently builds and works for all Ubuntu architectures except for i386 Link to package https://launchpad.net/ubuntu/+source/tinysparql [Rationale] - The package tinysparql is required in Ubuntu main because it is GNOME's search indexer and is deeply integrated into nautilus. - The package tinysparql will generally be useful for a large part of our user base - The package tinysparql will not generally be useful for a large part of - The package tinysparql is a new runtime dependency of package nautilus that we already support - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The binary package tinysparql needs to be in main to achieve: the "tracker" name doesn't exist after the 3.7 series for GNOME 46. We want to use the supported "tinysparql" series instead. - The package tinysparql is required in Ubuntu main for Ubuntu 25.04. The package rename was uploaded to Ubuntu 25.04 before Feature Freeze. [Security] - No CVEs/security issues in this software in the past tracker-miners had a CVE (will be discussed in its rename to localsearch MIR LP: #) - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does install services, timers or recurring jobs systemd user service tinysparql-xdg-portal-3.service dbus service org.freedesktop.portal.Tracker.service - Security has been kept in mind and common isolation/risk-mitigation patterns are in place utilizing the following features: localsearch handles much of the indexing - Packages does not open privileged ports (ports < 1024). - Package does not expose any external endpoints TODO: - Packages does not contain extensions to security-sensitive software TODO: (filters, scanners, plugins, UI skins, ...) I'm not sure what those terms mean. Out of an abundance of caution (and because it requires NPM stuff which is complex to build), I have removed the tinysparql web-ide feature from the Debian/Ubuntu packaging of tracker. This annoys upstream who would prefer to have it easily available for install https://gitlab.gnome.org/GNOME/tinysparql/-/issues/477 GNOME provides this page for reporting security vulnerabilities in core GNOME components like tinysparql https://security.gnome.org/ [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream. However, there are a lot of open Ubuntu bugs. - Ubuntu https://bugs.launchpad.net/ubuntu/+source/tracker - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=tracker - Upstream https://gitlab.gnome.org/GNOME/tinysparql/-/issues The Ubuntu Desktop team believes that tracker has significantly improved in performance in recent years, but still might misbehave. On the other hand, the localsearch sandbox has been so strict that it can take time for the sandbox to be adjusted upstream to account for changes in dependencies. - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package runs a test suite on build time, if it fails it makes the build fail, link to build log https://launchpad.net/ubuntu/+source/tinysparql/3.8.2-3 TODO-A: - The package runs an autopkgtest, and is currently passing on TODO-A: this TBD list of architectures, link to test logs TBD https://autopkgtest.ubuntu.com/packages/tinysparql RULE: - existing but failing tests that shall be handled as "ok to fail" RULE: need to be explained along the test logs below TODO-A: - The package does have not failing autopkgtests right now TODO-B: - The package does have failing autopkgtests tests right now, but since TODO-B: they always failed they are handled as "ignored failure", this is TODO-B: ok because TBD [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Please link to a recent build log of the package https://launchpad.net/ubuntu/+source/tinysparql/3.8.2-3 - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies - The package will be installed by default, but does not ask debconf questions - Packaging and build is easy, link to debian/rules https://salsa.debian.org/gnome-team/tinysparql/-/blob/debian/latest/debian/rules [UI standards] - Application is end-user facing, Translation is present, via standard intltool/gettext or similar build and runtime internationalization system - End-user applications without desktop file, not needed because it is more of a service than an app. However, it can be configured with gnome- control-center in the Search page. [Dependencies] - No further depends or recommends dependencies that are not yet in main except for the localsearch MIR LP: # [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Desktop Packages and I have their acknowledgement for that commitment TODO-A: - The future owning team is already subscribed to the package TODO-B: - The future owning team is not yet subscribed, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code - This package is not rust based - The package has been built within the last 3 months in the archive - Build link on launchpad: https://launchpad.net/ubuntu/+source/tinysparql/3.8.2-3 [Background information] The Package description explains the package well Upstream Name is tinysparql https://gitlab.gnome.org/GNOME/tinysparql Link to previous MIR LP: #1313996 Ubuntu 25.04 ships tinysparql 3.8 (GNOME 47) because localsearch 3.9 (GNOME 48) switched to ffmpeg/libav (which are in Ubuntu universe) and the Ubuntu Desktop Team has not had time to evaluate the situation. https://gitlab.gnome.org/GNOME/localsearch/-/merge_requests/579 ** Affects: tinysparql (Ubuntu) Importance: Undecided Status: New ** Description changed: The Tracker developers have renamed Tracker to TinySPARQL. We have packaged the latest version with the source package tinysparql and will remove the source package tracker after tinysparql migrates out of plucky-proposed. - [Availability] The package tinysparql is already in Ubuntu universe. The package tinysparql build for the architectures it is designed to work on. It currently builds and works for all Ubuntu architectures except for i386 Link to package https://launchpad.net/ubuntu/+source/tinysparql [Rationale] - The package tinysparql is required in Ubuntu main because it is GNOME's search indexer and is deeply integrated into nautilus. - The package tinysparql will generally be useful for a large part of our user base - The package tinysparql will not generally be useful for a large part of - The package tinysparql is a new runtime dependency of package nautilus that we already support - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The binary package tinysparql needs to be in main to achieve: the "tracker" name doesn't exist after the 3.7 series for GNOME 46. We want to use the supported "tinysparql" series instead. - The package tinysparql is required in Ubuntu main for Ubuntu 25.04. The package rename was uploaded to Ubuntu 25.04 before Feature Freeze. [Security] - No CVEs/security issues in this software in the past tracker-miners had a CVE (will be discussed in its rename to localsearch MIR LP: #) - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does install services, timers or recurring jobs systemd user service tinysparql-xdg-portal-3.service dbus service org.freedesktop.portal.Tracker.service - Security has been kept in mind and common isolation/risk-mitigation patterns are in place utilizing the following features: localsearch handles much of the indexing - Packages does not open privileged ports (ports < 1024). - Package does not expose any external endpoints TODO: - Packages does not contain extensions to security-sensitive software TODO: (filters, scanners, plugins, UI skins, ...) I'm not sure what those terms mean. Out of an abundance of caution (and because it requires NPM stuff which is complex to build), I have removed the tinysparql web-ide feature from the Debian/Ubuntu packaging of tracker. This annoys upstream who would prefer to have it easily available for install https://gitlab.gnome.org/GNOME/tinysparql/-/issues/477 GNOME provides this page for reporting security vulnerabilities in core GNOME components like tinysparql https://security.gnome.org/ [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream. However, there are a lot of open Ubuntu bugs. - Ubuntu https://bugs.launchpad.net/ubuntu/+source/tracker - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=tracker - Upstream https://gitlab.gnome.org/GNOME/tinysparql/-/issues The Ubuntu Desktop team believes that tracker has significantly improved in performance in recent years, but still might misbehave. On the other hand, the localsearch sandbox has been so strict that it can take time for the sandbox to be adjusted upstream to account for changes in dependencies. - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package runs a test suite on build time, if it fails it makes the build fail, link to build log - https://launchpad.net/ubuntu/+source/tinysparql/3.8.2-2 + https://launchpad.net/ubuntu/+source/tinysparql/3.8.2-3 TODO-A: - The package runs an autopkgtest, and is currently passing on TODO-A: this TBD list of architectures, link to test logs TBD https://autopkgtest.ubuntu.com/packages/tinysparql RULE: - existing but failing tests that shall be handled as "ok to fail" RULE: need to be explained along the test logs below TODO-A: - The package does have not failing autopkgtests right now TODO-B: - The package does have failing autopkgtests tests right now, but since TODO-B: they always failed they are handled as "ignored failure", this is TODO-B: ok because TBD [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Please link to a recent build log of the package https://launchpad.net/ubuntu/+source/tinysparql/3.8.2-3 - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies - The package will be installed by default, but does not ask debconf questions - Packaging and build is easy, link to debian/rules https://salsa.debian.org/gnome-team/tinysparql/-/blob/debian/latest/debian/rules [UI standards] - Application is end-user facing, Translation is present, via standard intltool/gettext or similar build and runtime internationalization system - End-user applications without desktop file, not needed because it is more of a service than an app. However, it can be configured with gnome- control-center in the Search page. [Dependencies] - No further depends or recommends dependencies that are not yet in main except for the localsearch MIR LP: # [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Desktop Packages and I have their acknowledgement for that commitment TODO-A: - The future owning team is already subscribed to the package TODO-B: - The future owning team is not yet subscribed, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code - This package is not rust based - The package has been built within the last 3 months in the archive - Build link on launchpad: https://launchpad.net/ubuntu/+source/tinysparql/3.8.2-3 [Background information] The Package description explains the package well Upstream Name is tinysparql https://gitlab.gnome.org/GNOME/tinysparql Link to previous MIR LP: #1313996 Ubuntu 25.04 ships tinysparql 3.8 (GNOME 47) because localsearch 3.9 (GNOME 48) switched to ffmpeg/libav (which are in Ubuntu universe) and the Ubuntu Desktop Team has not had time to evaluate the situation. https://gitlab.gnome.org/GNOME/localsearch/-/merge_requests/579 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2099086 Title: [MIR] tinysparql To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tinysparql/+bug/2099086/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
