Public bug reported: [Availability] Architecture-all perl package present in Ubuntu since 2014. https://launchpad.net/ubuntu/+source/libhttp-cookiejar-perl
[Rationale] Required by current libwww-perl in Debian. This duplicates / supersedes functionality already present in libhttp-cookies-perl, however libwww-perl describes libhttp-cookiejar-perl as "a safer cookie jar", "providing a better security model matching that of current Web browsers when Mozilla::PublicSuffix is installed". libwww-mechanize-perl is also a reverse-dependency of libhttp-cookies- perl in main and has not migrated to libhttp-cookiejar-perl yet in Debian, so it doesn't appear we can do a straight swap of one source package for the other at present. [Security] - No results on https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=HTTP%3A%3ACookiejar or https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=http-cookiejar - only false positives on unrelated packages when searching site:www.openwall.com/lists/oss-security - 0 results on https://ubuntu.com/security/cves?package=libhttp-cookiejar-perl - 0 security issues on https://security-tracker.debian.org/tracker/source-package/libhttp-cookiejar-perl Package does not ship any executables, it's a perl module; but by definition it will be used to handle untrusted input from the Internet. [Quality assurance - maintenance] No open bugs at https://bugs.launchpad.net/ubuntu/+source/libhttp-cookiejar-perl or https://bugs.debian.org/src:libhttp-cookiejar-perl. Single wishlist bug open at https://github.com/dagolden/HTTP-CookieJar/issues. [Quality assurance - testing] upstream tests are run via autodep8 and at package build time and pass on all archs https://autopkgtest.ubuntu.com/packages/libhttp-cookiejar-perl/mantic/amd64 [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - The package will be installed by default, but does not ask debconf questions - Packaging and build is easy; trivial dh debian/rules [UI standards] - n/a, perl module only [Dependencies] - No further depends or recommends dependencies that are not yet in main [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - Owning Team will be foundations-bugs and will subscribe to the package before promotion [Background information] The Package description explains the package well ** Affects: libhttp-cookiejar-perl (Ubuntu) Importance: Undecided Status: New ** Changed in: libhttp-cookiejar-perl (Ubuntu) Milestone: None => ubuntu-23.10 -- You received this bug notification because you are a member of Debian Perl Group, which is subscribed to libhttp-cookiejar-perl in Ubuntu. https://bugs.launchpad.net/bugs/2024245 Title: [MIR] libhttp-cookiejar-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhttp-cookiejar-perl/+bug/2024245/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~pkg-perl-maintainers Post to : [email protected] Unsubscribe : https://launchpad.net/~pkg-perl-maintainers More help : https://help.launchpad.net/ListHelp
