[Bug 1590425] Re: [MIR] python-ws4py
Override component to main python-ws4py 0.3.4-3 in yakkety: universe/misc -> main python-ws4py 0.3.4-3 in yakkety amd64: universe/python/extra/100% -> main python-ws4py 0.3.4-3 in yakkety arm64: universe/python/extra/100% -> main python-ws4py 0.3.4-3 in yakkety armhf: universe/python/extra/100% -> main python-ws4py 0.3.4-3 in yakkety i386: universe/python/extra/100% -> main python-ws4py 0.3.4-3 in yakkety powerpc: universe/python/extra/100% -> main python-ws4py 0.3.4-3 in yakkety ppc64el: universe/python/extra/100% -> main python-ws4py 0.3.4-3 in yakkety s390x: universe/python/extra/100% -> main python3-ws4py 0.3.4-3 in yakkety amd64: universe/python/extra/100% -> main python3-ws4py 0.3.4-3 in yakkety arm64: universe/python/extra/100% -> main python3-ws4py 0.3.4-3 in yakkety armhf: universe/python/extra/100% -> main python3-ws4py 0.3.4-3 in yakkety i386: universe/python/extra/100% -> main python3-ws4py 0.3.4-3 in yakkety powerpc: universe/python/extra/100% -> main python3-ws4py 0.3.4-3 in yakkety ppc64el: universe/python/extra/100% -> main python3-ws4py 0.3.4-3 in yakkety s390x: universe/python/extra/100% -> main 15 publications overridden. ** Changed in: python-ws4py (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
** Changed in: python-ws4py (Ubuntu) Status: Incomplete => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Thanks can we get this promoted now? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Hello; I reviewed python-ws4py version 0.3.4-3 as checked into Ubuntu yakkety. This shouldn't be considered a full security audit but rather a quick gauge of maintainability. - No CVEs in our UCT database - python-ws4py provides a python interface to websockets, both client and server implementations, for pure-python stdlib, tornado, gevent, (the client) and cherrypy, gevent, wsgiref, and asyncio (the server). - Build-deps: debhelper, dh-python, python-all, python-cherrypy3, python-gevent, python-mock, python-nose, python-setuptools, python-sphinx, python-sphinxcontrib.seqdiag, python-tornado, python3-all, python3-cherrypy3, python3-mock, python3-nose, python3-setuptools, python3-sphinx, python3-sphinxcontrib.seqdiag, python3-tornado - Extensive networking - No cryptography - Does not itself daemonize - Can listen on network sockets - Does not itself pick userid - pre/post inst/rm are automatically generated - No init scripts - No dbus services - Not setuid - No binaries in PATH - No sudo fragments - No udev rules - Smallish testsuite run during build; upstream uses a functional test framework for their releases - No cron jobs - Mostly clean build logs with a surprising entry: Warning: apt-key output should not be parsed (stdout is not a terminal) - No subprocesses spawned - Doesn't itself open files - Light logging - Does not itself use environment variables - Does not itself use privileged functions - No cryptography - A lot of simple networking; complicated framing mechanism - WSGI / gevent / asyncio / tornado / cherrypy - No privileged portions of code - No temporary files - No WebKit - No PolicyKit - No JavaScript This looked to be professionally programmed and while it touches on complicated areas of networking protocols and browsers, itself looks clean and straightforward. There are notes in the documentation that the wsgi and asyncio server implementations look immature or unsuitable by design for production use, so clients may need to be careful about which functionality is used. Presumably clients can be smart about this. Security team ACK for promoting python-ws4py to main. Thanks ** Changed in: python-ws4py (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1590425] Re: [MIR] python-ws4py
On 08/08/2016 06:27 PM, Chuck Short wrote: > Any update on this? > The security review should begin today. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Any update on this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Team subscriber added. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Any update on this? I know you guys are busy but python-pylxd has been sitting in proposed for nearly 3 weeks because of this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Not yet. We've got a few openstack related MIRs to get through first. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Any update on this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
- Needs a team bug subscriber Looks fine besides, but needs a security looksee. ** Changed in: python-ws4py (Ubuntu) Status: New => Incomplete ** Changed in: python-ws4py (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
OK, I dug myself. Only python-ws4py is needed. Everything else is a build-dep. ** No longer affects: python-gevent (Ubuntu) ** No longer affects: python-cherrypy (Ubuntu) ** No longer affects: python-tornado (Ubuntu) ** No longer affects: sphinxcontrib-seqdiag (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Same question for python-tornado. Is it just a build-depend? It used to be approved in main (bug 1047432), but dropped out in yakkety. ** Changed in: python-tornado (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-ws4py/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Is sphinxcontrib-seqdiag just a build-depend? ** Changed in: sphinxcontrib-seqdiag (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cherrypy/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
Whoops, python-cherrypy has a MIR already in bug 912315. The outcome from that was "packages should use python-cherrypy3 instead" ** Changed in: python-cherrypy (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cherrypy/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
** Also affects: sphinxcontrib-seqdiag (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cherrypy/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1590425] Re: [MIR] python-ws4py
** Also affects: python-cherrypy (Ubuntu) Importance: Undecided Status: New ** Also affects: python-gevent (Ubuntu) Importance: Undecided Status: New ** Also affects: python-tornado (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1590425 Title: [MIR] python-ws4py To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cherrypy/+bug/1590425/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
