[Bug 1815483] Re: [MIR] libhandy
desktop-package subscribed and package promotoed ** Changed in: libhandy (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
package subscriber is missing ** Changed in: libhandy (Ubuntu) Status: Fix Committed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
gnome-calendar is now depending on it so we are going to promote ** Changed in: libhandy (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
Thanks for the check Eduardo, I'm actually not sure the Desktop Team still drives this oO. All mid/high prio issues of the MIR review got adressed as well. In terms of the process it seems this would be ok to be promoted, given that no commit is made to trigger the component mismatch per [1] the state for this until that is done is "in progress". [1]: https://wiki.ubuntu.com/MIRTeam#Process_states ** Changed in: libhandy (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
I reviewed libhandy 0.0.10-1 as checked into eoan. This shouldn't be considered a full audit but rather a quick gauge of maintainability. libhandy is a library full of GTK widgets for mobile phones. The aim of libhandy is to help with developing UI for mobile devices using GTK/GNOME. - No CVE History: - Build-Depends - debhelper-compat - dh-sequence-gir - gtk-doc-tools - libgirepository1.0-dev - libgladeui-dev - libglib2.0-doc - libgnome-desktop-3-dev - libgtk-3-doc - libgtk-3-dev - libxml2-utils - meson - pkg-config - valac - No pre/post inst/rm scripts - No init scripts - No systemd units - No dbus services - No setuid binaries - No binaries in PATH - No sudo fragments - No udev rules - Unit tests / autopkgtests - under tests/ there are quite a few tests available testing different widgets - autopkgtests passing on: https://autopkgtest.ubuntu.com/packages/libh/libhandy https://ci.debian.net/packages/libh/libhandy/ - No cron jobs - Build logs: - Some compiler warnings: update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-action-row' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-arrows' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-combo-row' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialer' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialer-cycle-button' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-dialog' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-expander-row' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-header-bar' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-header-group' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-group' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-page' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-row' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-preferences-window' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-search-bar' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-squeezer' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-string-utf8' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-value-object' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-view-switcher' WARNING: Use the 'pie' kwarg instead of passing '-fpie' manually to 'test-view-switcher-bar' html/HdyViewSwitcher.html:135: warning: no link for: "PangoEllipsizeMode" -> (PangoEllipsizeMode). html/HdyViewSwitcher.html:543: warning: no link for: "PANGO-ELLIPSIZE-NONE:CAPS" -> (PANGO_ELLIPSIZE_NONE) - No processes spawned - Memory management - It looks safe - No File IO - No Logging - No Environment variable usage - No Use of privileged functions - No Use of cryptography - No Use of temp files - No Use of networking - No Use of WebKit - No Use of PolicyKit - No significant cppcheck results - We don't have Coverity results so far, as we are having issues with coverity + meson. - A few FIXME around the code, mostly on src/hdy-leaflet.c, nothing that would block the MIR This library is well maintained and GNOME apps should use even more libhandy in the future. Although this is still not a "stable" release, we don't have any objections on it going to main. I am not sure if you will want to wait for version 0.1.0 or will need to move ahead to get the current version into 19.10. If you are going to wait for the "stable" release, just let us know and we can review and compare the changes with the current audit. Security team ACK for promoting libhandy to main. ** Changed in: libhandy (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
** Merge proposal linked: https://code.launchpad.net/~rbalint/ubuntu-seeds/+git/ubuntu/+merge/364069 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
I fixed the build issues you pointed out in Debian and Ubuntu now. As I said, the Ubuntu Desktop team doesn't need this package in main for 19.04. We have decided we don't want the -dev package in main because we don't want glade, so I have made sure it's excluded from the automatic inclusion of -dev packages: https://git.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/+git/ubuntu/commit/?id=d2beb8 https://source.puri.sm/Librem5/libhandy/wikis/home suggests they will have their 0.1.0 first "stable" release next month alongside GNOME 3.32. It's hoped that the Librem 5 smartphone will being shipping soon after that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
*will begin shipping* -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815483 Title: [MIR] libhandy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1815483] Re: [MIR] libhandy
** Description changed: Availability Built for all supported architectures. In sync with Debian. Rationale = libhandy is an extension of GTK3 to allow for so-called responsive design or reactive layout. libhandy is developed by Purism which aims to produce a phone running a complete free software stack. Purism wants to enable a form of GNOME to run on the phone as an option (KDE Plasma and even Ubuntu Touch may be available later too). Ubuntu 19.04's gnome-control-center 3.31.90 includes an embedded copy of libhandy. As we do with other libraries, it would be nice to transition to a shared library instead. The Ubuntu Desktop team believes it is reasonable to use the embedded copy for 19.04 so there isn't urgency for this MIR. - Besides gnome-control-center, the universe apps gnome-contacts and - gnome-games-app alse use libhandy. I expect more Ubuntu main apps will - use libhandy in the future. + Besides gnome-control-center, the universe apps epiphany, gnome-contacts + and gnome-games-app alse use libhandy. I expect more Ubuntu main apps + will use libhandy in the future. Security No known security issues https://security-tracker.debian.org/tracker/source-package/libhandy https://launchpad.net/ubuntu/+source/libhandy/+cve Quality assurance = - Ubuntu Desktop bugs needs to be subscribed https://bugs.launchpad.net/ubuntu/+source/libhandy https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libhandy https://source.puri.sm/Librem5/libhandy/issues There is an autopkgtest passing on all architectures to test C compiling of a minimal libhandy app. The upstream test suite is run during the build using dh_auto_test. https://autopkgtest.ubuntu.com/packages/libh/libhandy https://ci.debian.net/packages/libh/libhandy/ Dependencies All dependencies for the library are in main. The -dev package depends on libgladeui (part of the glade source) which used to be in main until we allowed universe Build-Depends shortly before Ubuntu 16.04 LTS's release. glade is old enough that it never had a MIR in Launchpad. libhandy does provide a build option for the Glade catalog feature. It feels like it would be really useful to developers to have libhandy support in the Glade app (or in GNOME Builder which now offers Glade editing.) Glade is a GUI tool for building user interfaces for GTK apps (instead of needing to code them manually with XML or your favorite programming language). So my preference order is #1 Promote Glade or at least libgladeui to main, #2 Keep the libhandy -dev package out of main, #3 Disable Glade support for libhandy. Standards compliance - 4.1.3, debhelper compat 11, simple dh7 style rules + 4.1.3, debhelper compat 12, simple dh7 style rules Maintenance === Maintained in Debian by one of the Purism libhadny developers - https://salsa.debian.org/DebianOnMobile-team/libhandy + https://salsa.debian.org/DebianOnMobile-team/libhandy/tree/debian/sid https://source.puri.sm/Librem5/libhandy Other Info == At a recent GTK hackfest, moving some of libhandy's functionality into GTK4 was discussed. It's trickier to do that with GTK3 since GTK3 is supposed to be in stable mode since 2016. https://blog.gtk.org/2019/02/08/report-from-the-gtk-hackfest-in- brussels/ The library is under heavy development: https://source.puri.sm/Librem5/libhandy/wikis/home https://honk.sigxcpu.org/projects/libhandy/doc/ ** Description changed: Availability Built for all supported architectures. In sync with Debian. Rationale = libhandy is an extension of GTK3 to allow for so-called responsive design or reactive layout. libhandy is developed by Purism which aims to produce a phone running a complete free software stack. Purism wants to enable a form of GNOME to run on the phone as an option (KDE Plasma and even Ubuntu Touch may be available later too). Ubuntu 19.04's gnome-control-center 3.31.90 includes an embedded copy of libhandy. As we do with other libraries, it would be nice to transition to a shared library instead. The Ubuntu Desktop team believes it is reasonable to use the embedded copy for 19.04 so there isn't urgency for this MIR. Besides gnome-control-center, the universe apps epiphany, gnome-contacts and gnome-games-app alse use libhandy. I expect more Ubuntu main apps will use libhandy in the future. Security No known security issues https://security-tracker.debian.org/tracker/source-package/libhandy https://launchpad.net/ubuntu/+source/libhandy/+cve Quality assurance = - Ubuntu Desktop bugs needs to be subscribed https://bugs.launchpad.net/ubuntu/+source/libhandy https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libhandy
[Bug 1815483] Re: [MIR] libhandy
Doing the usual MIR checks I found most of them to be good:
- Duplication: it is actually deduplicating the embedded copies
- no lintian complains about packaging
- no functional bugs in Debian / Ubuntu yet (not used that much thou)
- Upstream is at and LGTM
- no embedded other libs
- no static linking
- d/rules and d/control are very clean
- meson build seems straight forward
- hardning=+all is in place
- runs (a few) build time self-tests
- you volunteered Ubuntu-Desktop as package subscriber
- no FTBFS currently nor in the recent history
- symbols are tracked for dh_makeshlibs
- packaging hs the most current release and updates ~monthly at least for now
- LD_LIBRARY_PATH only used in build
- no sudo (or similar) usage
Not perfect, but ok:
- autopkgtest only tests pkg-config and build against libhandy-dev
- yes it has no CVEs (yet), but it is too new to really know; a security
evaluation is needed (probably ok thou since the siilar code is atm bundled in
other packages in main)
- it has internationalization prepared (po/*) but only english so far
- usually a watch file would be nice but since upstream ~= Debian and doesn't
release tarballs (but git tags) this doesn't really apply
- at least the -dev package depends on further universe packages e.g.
libgladeui-2-6 do you intend (and ensure) to only pull libhandy-0.0 but no
others to main?
Questions:
- the version number 0.0.7 is very unconvincing, does that mean it is still
chaning API/ABI frequently - do you know if there is any major release planned
that we should wait for?
- Debian bug 909075 holds it back from Debian and testing/integration there,
should we wait until that is resolved (probably post buster) to move to it as
well?
- (minor) build issue that could be resolved - do you want to contrib to Debian
to even clean those?
- "dpkg-gencontrol: warning: Depends field of package gir1.2-handy-0.0:
substitution variable ${shlibs:Depends} used, but is not defined"
- the docs might be incomplete "warning: no link for ..."
It will be nice to get the answers to the questions above resolved
before completion, but IMHO we can already assign this to security for
their review to appear on their queue.
[1]: https://source.puri.sm/Librem5/libhandy
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909075
** Bug watch added: Debian Bug tracker #909075
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909075
** Changed in: libhandy (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815483
Title:
[MIR] libhandy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libhandy/+bug/1815483/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
