Subscription was added by James (thanks) now it was ready:
Override component to main
python-cheroot 8.5.2+ds1-1ubuntu3 in jammy: universe/misc -> main
python3-cheroot 8.5.2+ds1-1ubuntu3 in jammy amd64:
universe/python/optional/100% -> main
python3-cheroot 8.5.2+ds1-1ubuntu3 in jammy arm64:
The Team that needs to be subscribed is actually
https://launchpad.net/~ubuntu-openstack but other than that my
assessment above is still correct.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
FYI - Right now it seems this is all good, but waits for openstack-
ubuntu-packagers to subscribe to the package. I've pinged #openstack
about this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Thank you all,
to summarize we are now:
- MIR Ack
- Security Ack
=> Can be promoted to main from this POV
Currently we have:
python-cheroot | 8.5.2+ds1-1ubuntu2 | jammy/universe | source
python-cheroot | 8.5.2+ds1-1ubuntu3 | jammy-proposed/universe | source
That ubuntu3 version is
Security team ACK for promoting python-cheroot to main.
** Changed in: python-cheroot (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Assigning back to ubuntu-security for final review.
** Changed in: python-cheroot (Ubuntu)
Assignee: James Page (james-page) => (unassigned)
** Changed in: python-cheroot (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification
bug 1965306 covers the fixes for compatibility with Python 3.10.
** Changed in: python-cheroot (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
Title:
The hanging tests appear related to the switch in default Py3 to 3.10 as
the same tests pass fine with 3.9.
Looking upstream for a related fix.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
On the hanging unit tests - this did not happen when I did the original
test enablement and seems due to some other dependency change in Jammy -
I'll dig into that.
The newer cheroot version in Debian is not an option as it has further
test requirements that are not packaged.
** Changed in:
@ccdm94
Re the 777 permissions on the UNIX socket created in server.py - I guess
it would make sense to allow the UNIX socket permissions to be hardened
to be more limited. Seems like a desirable feature but I don't think
this code path is used in the scope of this MIR (cherrypy3).
I did a read
Thanks for the review, back on the openstack team to resolve the last
few requests - then it is ready. Assigning it to James Page for that.
** Changed in: python-cheroot (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => James Page (james-page)
--
You received this bug
I reviewed python-cheroot 8.5.2+ds1-1ubuntu2 as checked into jammy.
This shouldn't be considered a full audit but rather a quick gauge of
maintainability.
python-cheroot is a Python library that implements an HTTP server and
includes a WSGI module.
- CVE History: No CVEs in our UCT database.
-
Changing python-cheroot back to "Incomplete" as we need feedback from
the reporter about the security team's questions.
** Changed in: python-cheroot (Ubuntu)
Status: In Progress => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Hello,
I have been doing the security review for this package and before I can
finalize it, I would like to address some possible issues and try to
understand what might be their consequences:
(1) When building the package for analysis, I was unable to do so with testing
activated. The tests
** Changed in: python-cheroot (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
Title:
[MIR] new dependencies of cherrypy3: jaraco.collections,
Adding cherrypy3 task and update-excuse tag so this shows up under the
cherrypy3 entry on excuses.
** Also affects: cherrypy3 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: cherrypy3 (Ubuntu)
Status: New => In Progress
** Tags added: update-excuse
--
You received
Test suite execution during package build enabled (albeit with some
tests disabled due to missing dependencies or requirements for newer
versions of pytest modules).
Assigning task for Ubuntu Security team review.
** Changed in: python-cheroot (Ubuntu)
Status: Incomplete => New
**
Override component to main
zc.lockfile 2.0-1 in impish: universe/python -> main
python3-zc.lockfile 2.0-1 in impish amd64: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish arm64: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish armhf:
Override component to main
python-tempora 2.1.1-1 in impish: universe/misc -> main
python3-tempora 2.1.1-1 in impish amd64: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish arm64: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish armhf:
Override component to main
python-portend 2.6-1 in impish: universe/misc -> main
python3-portend 2.6-1 in impish amd64: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish arm64: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish armhf:
Override component to main
python-jaraco.functools 3.0.0-1 in impish: universe/misc -> main
python3-jaraco.functools 3.0.0-1 in impish amd64: universe/python/optional/100%
-> main
python3-jaraco.functools 3.0.0-1 in impish arm64: universe/python/optional/100%
-> main
python3-jaraco.functools
Override component to main
jaraco.text 3.5.0-2 in impish: universe/misc -> main
python3-jaraco.text 3.5.0-2 in impish amd64: universe/python/optional/100% ->
main
python3-jaraco.text 3.5.0-2 in impish arm64: universe/python/optional/100% ->
main
python3-jaraco.text 3.5.0-2 in impish armhf:
Override component to main
jaraco.collections 3.3.0-1 in impish: universe/misc -> main
python3-jaraco.collections 3.3.0-1 in impish amd64:
universe/python/optional/100% -> main
python3-jaraco.collections 3.3.0-1 in impish arm64:
universe/python/optional/100% -> main
python3-jaraco.collections
Override component to main
jaraco.classes 3.2.1-2 in impish: universe/misc -> main
python3-jaraco.classes 3.2.1-2 in impish amd64: universe/python/optional/100%
-> main
python3-jaraco.classes 3.2.1-2 in impish arm64: universe/python/optional/100%
-> main
python3-jaraco.classes 3.2.1-2 in impish
All OK apart from python-cheroot which needs some further work to enable
the test suite and will then need security team review.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
Title:
[MIR]
$ ./subscribe-to-package.py --user ubuntu-openstack --package zc.lockfile
ubuntu-openstack is now subscribed to all bugs about zc.lockfile.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
zc.lockfile:
[Summary]
Fairly simple python package to support IPC locks under Python3
+1 from MIR team for promotion to main.
[Duplication]
OK:
- There are similar packages in main but this is a fairly trivial python
module so no issue with some level of duplication.
[Dependencies]
OK:
-
$ ./subscribe-to-package.py --user ubuntu-openstack --package
jaraco.classes,jaraco.collections,jaraco.text,python-jaraco.functools,python-portend,python-temporaubuntu-openstack
is now subscribed to all bugs about jaraco.classes.
ubuntu-openstack is now subscribed to all bugs about
python-cheroot:
[Summary]
This package provides a pure Python HTTP server implementation which is
used as part of CherryPy - as a result it needs a full security review.
The test suite for this package is currently skipped due to missing
dependencies - as this feels like a critical part of
#7 was for python-portend
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
Title:
[MIR] new dependencies of cherrypy3: jaraco.collections,
jaraco.classes, jaraco.text, python-cheroot,
python-tempora:
[Summary]
Looks OK from my perspective for promotion to main and no security review
needed.
Would be nice to see the most recent upstream release but I don't consider this
a blocker for promotion.
+1 from MIR team.
[Duplication]
OK:
- There is no other package in main
python-jaraco.functools
[Summary]
Looks OK from my perspective for promotion to main and no security review
needed.
+1 from MIR team.
[Duplication]
OK:
- There is no other package in main providing the same functionality.
[Dependencies]
OK:
- All covered on this MIR bug.
[Embedded sources
[Summary]
Looks OK from my perspective for promotion to main and no security review
needed.
Would be nice to see the most recent upstream release but I don't consider this
a blocker for promotion.
+1 from MIR team.
[Duplication]
OK:
- There is no other package in main providing the same
jaraco.text
[Summary]
Looks OK from my perspective for promotion to main and no security review
needed.
+1 from MIR team.
[Duplication]
OK:
- There is no other package in main providing the same functionality.
[Dependencies]
OK:
- All covered on this MIR bug.
[Embedded sources and static
jaraco.collections:
[Summary]
Looks OK from my perspective for promotion to main and no security review
needed.
+1 from MIR team.
[Duplication]
OK:
- There is no other package in main providing the same functionality.
[Dependencies]
OK:
- All covered on this MIR bug.
[Embedded sources and
jaraco.classes:
[Summary]
Looks OK from my perspective for promotion to main and no security review
needed.
+1 from MIR team.
[Duplication]
OK:
- There is no other package in main providing the same functionality.
[Dependencies]
OK:
- All covered on this MIR bug.
[Embedded sources and static
for reference - ceph-mgr uses cherrypy3 which is what pulls this into
main.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1930111
Title:
[MIR] new dependencies of cherrypy3: jaraco.collections,
@James - will the openstack team own (and you do the reviews) on these ?
** Changed in: jaraco.classes (Ubuntu)
Assignee: (unassigned) => James Page (james-page)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
38 matches
Mail list logo
