You have been subscribed to a public bug by James Page (james-page):
mongodb
Availability:
In universe for several releases.
Rationale:
Preferred data storage platform for Ceilometer (core OpenStack project)
and a key component juju-core.
Security:
Two security issues, both resolved upstream. native helper security
issue only impacts earlier versions of MongoDB - 2.4.x uses libv8
instead of spidermonkey and does not have this function.
QA:
Works out-of-the-box from packaging.
Package ships a test suite (smoke) which is executed on all target platforms.
Generally well maintained in Debian and in Ubuntu (server team).
Issue with OpenSSL license compatibility needs to be resolved (upstream working
on this).
Dependencies: All in main aside from libv8, snowball and gyp
Maintenance:
Upstream push out minor point releases for bug fixes (MRE will be applied for).
Packaging generally in good shape aside from static linking of client binaries
(being worked on in Debian).
libv8
Availability:
In universe for several releases.
Rationale:
Dependency for MongoDB embedded scripting engine.
Security:
Lots of CVE's:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=v8
I suspect that alot of these relate to the use of v8 in Chrome. However
as this is a core component of chrome, we can reasonably expect Google
to be responsive to security issues in the future.
QA:
Package works.
Regression tests executed during package build.
Dependencies:
Use gyp for build system.
Maintenance:
Well maintained in Debian (supports nodejs as well).
gyp
Availability:
In universe.
Rationale:
Build dependency for libv8
Security:
No CVE's found
QA:
Works from packaging, test suite present but not executed during build.
Dependencies: All in main
Maintenance:
Until recently not that well maintained in Debian; however nodejs
maintainer seems to be picking things up now (see version in saucy which
refreshed the package considerably).
snowball
Availability:
In universe.
Rationale:
libstemmer is a build and runtime dependency for mongodb 2.4
Security:
No CVE's found
QA:
Packaging generally looks good - multi-arched.
Unit test suite executed during package build process.
Dependencies:
All in main.
Maintenance:
Debian and Ubuntu hold a pre-release snapshot; not much activity in the
last 18 months.
Background information:
libstemmer provides algorithmic stemmer functions for building natural
language search functions.
** Affects: gyp (Ubuntu)
Importance: High
Status: New
** Affects: libv8 (Ubuntu)
Importance: High
Status: New
** Affects: mongodb (Ubuntu)
Importance: High
Status: New
** Affects: snowball (Ubuntu)
Importance: High
Status: New
--
[MIR] mongodb, libv8, snowball, gyp
https://bugs.launchpad.net/bugs/1187262
You received this bug notification because you are a member of Ubuntu Server
Team, which is subscribed to the bug report.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
