[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
** No longer affects: protobuf (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/py-macaroon-bakery/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
closing the python-nacl task. already promoted. ** Changed in: python-nacl (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
I reviewed python-nacl version 1.1.2-1build1 as checked into bionic. This isn't a full security audit but rather a quick gauge of maintainability. - No CVEs in our database - python-nacl is a shim to the libsodium library - Build-Depends: debhelper, dh-python, libsodium-dev, python-all-dev, python-cffi, python-pytest, python-setuptools, python-six, python3-all-dev, python3-cffi, python3-pytest, python3-setuptools, python3-six, python3-sphinx, - Does not daemonize - pre/post inst/rm scripts automatically generated - No init scripts - No systemd unit / service files - No DBus services - No setuid files - No binaries in main - No sudo fragments - No udev rules - Large test suite run during the build - No cron jobs - Build logs have an error that seems to indicate an attempt to build documentation based on network-reached assets: > loading intersphinx inventory from http://docs.python.org/objects.inv... > WARNING: failed to reach any of the inventories with the following issues: > WARNING: intersphinx inventory 'http://docs.python.org/objects.inv' not fetchable due to : ('intersphinx inventory %r not fetchable due to %s: %s', 'http://docs.python.org/objects.inv', , ProxyError(...)) > - No subprocesses spawned - No file IO - Memory management looked careful - Logging looked careful - No environment variable use - Extensive cryptography -- but all wrappers - No privileged functions - No privileged portions of code - No temporary files - No WebKit use - No JavaScript use - No JavaScript use - No PolicyKit use python-nacl is straight-forward FFI shim with good error checking and a test suite with over 4000 tests. (I didn't inspect the tests, but it surely sounds promising.) Security team ACK for promoting python-nacl to main. Thanks ** Changed in: python-nacl (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
FYI since the proximate dependency of maas has been promoted and therefore allowed to migrate, but python-nacl has not, this currently causes build failures of the ubuntu-server live image. I am going to pre-promote python-nacl to unblock image builds. Security Team, can you please prioritize this review? ** Changed in: python-nacl (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
Override component to main py-macaroon-bakery 1.1.3-1 in bionic: universe/misc -> main python3-macaroonbakery 1.1.3-1 in bionic amd64: universe/python/optional/100% -> main python3-macaroonbakery 1.1.3-1 in bionic arm64: universe/python/optional/100% -> main python3-macaroonbakery 1.1.3-1 in bionic armhf: universe/python/optional/100% -> main python3-macaroonbakery 1.1.3-1 in bionic i386: universe/python/optional/100% -> main python3-macaroonbakery 1.1.3-1 in bionic ppc64el: universe/python/optional/100% -> main python3-macaroonbakery 1.1.3-1 in bionic s390x: universe/python/optional/100% -> main 7 publications overridden. ** Changed in: py-macaroon-bakery (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
python-nacl should be reviewed by the Security Team since it deals with crypto, otherwise it looks fine to me. I have not done an in-depth code review of the upstream source. ** Changed in: python-nacl (Ubuntu) Status: New => Incomplete ** Changed in: python-nacl (Ubuntu) Assignee: Mathieu Trudel-Lapierre (cyphermox) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
py-macaroons-bakery looks good to me; MIR approved. ** Changed in: py-macaroon-bakery (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
Override component to main pyrfc3339 1.0-4 in bionic: universe/misc -> main python-rfc3339 1.0-4 in bionic amd64: universe/python/optional/100% -> main python-rfc3339 1.0-4 in bionic arm64: universe/python/optional/100% -> main python-rfc3339 1.0-4 in bionic armhf: universe/python/optional/100% -> main python-rfc3339 1.0-4 in bionic i386: universe/python/optional/100% -> main python-rfc3339 1.0-4 in bionic ppc64el: universe/python/optional/100% -> main python-rfc3339 1.0-4 in bionic s390x: universe/python/optional/100% -> main python3-rfc3339 1.0-4 in bionic amd64: universe/python/optional/100% -> main python3-rfc3339 1.0-4 in bionic arm64: universe/python/optional/100% -> main python3-rfc3339 1.0-4 in bionic armhf: universe/python/optional/100% -> main python3-rfc3339 1.0-4 in bionic i386: universe/python/optional/100% -> main python3-rfc3339 1.0-4 in bionic ppc64el: universe/python/optional/100% -> main python3-rfc3339 1.0-4 in bionic s390x: universe/python/optional/100% -> main Override [y|N]? y 13 publications overridden. ** Changed in: pyrfc3339 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
pyrfc3339 looks good and straightforward to me; MIR approved. ** Changed in: pyrfc3339 (Ubuntu) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
Added a team subscriber ** Changed in: python-nacl (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
python-nacl is missing a team subscriber. I'm reviewing these source packages. ** Changed in: python-nacl (Ubuntu) Status: New => Incomplete ** Changed in: pyrfc3339 (Ubuntu) Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox) ** Changed in: py-macaroon-bakery (Ubuntu) Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox) ** Changed in: python-nacl (Ubuntu) Assignee: (unassigned) => Mathieu Trudel-Lapierre (cyphermox) ** Changed in: pyrfc3339 (Ubuntu) Status: New => Triaged ** Changed in: py-macaroon-bakery (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
FWIW, i have filed: https://github.com/go-macaroon-bakery/py-macaroon-bakery/issues/47 https://github.com/ecordell/pymacaroons/issues/44 but doubt this would be resolved before Bionic. ** Also affects: python-nacl (Ubuntu) Importance: Undecided Status: New ** Description changed: py-macaroon-bakery == 1. Availability: all 2. Rationale: Macaroons is a new form of authorization mechanism. The macaroon bakery builds on pymacaroons, which allows it working at a higher level. In order for MAAS (and other projects) to support macaroon based authentication, this needs to be in main. This will allow projects to support remote/centralized authentication based on macaroons. 3. Security: No CVE's 4. QA: 0 bugs in debian/ubuntu 5. UI standards: None 6. Dependencies: Dependencies in universe: - python3-pymacaroons (MIR LP: #1746772) - - python3-nacl (MIR LP: #1746772) + - python3-nacl - python3-protobuf - python3-rfc3339 7. Standards: No lintian errors. Packaged with debhelper. Source format is 3.0 (quilt) Standards version: 4.4.1 8. Maintenance: Easy. 9. Background information: This is a required dependency to implement third party/centralized authentication alongside with pymacaroons. This is a new dependency that's required by MAAS. python3-protobuf == 1. Availability: any 2. Rationale: Dependency of python3-macaroonbakery. The library from this same source package, libprotobuf10, is already in main. 3. Security: No CVE's 4. QA: protobuf source, 10 bugs in debian, 11 ubuntu 5. UI standards: None 6. Dependencies: All in main 7. Standards: No lintian errors. Packaged with debhelper. Source format is 3.0 (quilt) Standards version: 3.9.8 8. Maintenance: Easy. 9. Background information: protobuf source already has binaries in main. This is just the python bindings that are required by macaroonbakery. - rfc3339 == 1. Availability: all 2. Rationale: Dependency of python3-macaroonbakery. 3. Security: No CVE's 4. QA: 0 bugs in debian/ubuntu 5. UI standards: None 6. Dependencies: All in main 7. Standards: No lintian errors. 1 warning: W: pyrfc3339 source: ancient-standards-version 3.9.6 (released 2014-09-17) (current is 4.1.3) Packaged with debhelper. Source format is 3.0 (quilt) 8. Maintenance: Easy. 9. Background information: Parser and generator of RFC 3339-compliant timestamps. This is a dependency for python3-macaroonbakery. ** Description changed: py-macaroon-bakery == 1. Availability: all 2. Rationale: Macaroons is a new form of authorization mechanism. The macaroon bakery builds on pymacaroons, which allows it working at a higher level. In order for MAAS (and other projects) to support macaroon based authentication, this needs to be in main. This will allow projects to support remote/centralized authentication based on macaroons. 3. Security: No CVE's 4. QA: 0 bugs in debian/ubuntu 5. UI standards: None 6. Dependencies: Dependencies in universe: - python3-pymacaroons (MIR LP: #1746772) - python3-nacl - python3-protobuf - python3-rfc3339 7. Standards: No lintian errors. Packaged with debhelper. Source format is 3.0 (quilt) Standards version: 4.4.1 8. Maintenance: Easy. 9. Background information: This is a required dependency to implement third party/centralized authentication alongside with pymacaroons. This is a new dependency that's required by MAAS. python3-protobuf == 1. Availability: any 2. Rationale: Dependency of python3-macaroonbakery. The library from this same source package, libprotobuf10, is already in main. 3. Security: No CVE's 4. QA: protobuf source, 10 bugs in debian, 11 ubuntu 5. UI standards: None 6. Dependencies: All in main 7. Standards: No lintian errors. Packaged with debhelper. Source format is 3.0 (quilt) Standards version: 3.9.8 8. Maintenance: Easy. 9. Background information: protobuf source already has binaries in main. This is just the python bindings that are required by macaroonbakery. rfc3339 == 1. Availability: all 2. Rationale: Dependency of python3-macaroonbakery. 3. Security: No CVE's 4. QA: 0 bugs in debian/ubuntu 5. UI standards: None 6. Dependencies: All in main 7. Standards: No lintian errors. 1 warning: W: pyrfc3339 source: ancient-standards-version 3.9.6 (released 2014-09-17) (current is 4.1.3) Packaged with debhelper. Source format is 3.0 (quilt) 8. Maintenance: Easy. 9. Background information: Parser and generator of RFC 3339-compliant timestamps. This is a d
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
09:27 < roaksoax> doko: TBH, no idea as i've not looked at what the differences are, but will take a look 09:38 < doko> roaksoax: maybe you could ask cjwatson about the differences in python-nacl and python-libnacl, he is one of the Debian uploaders 09:39 < roaksoax> doko: that's what I waas planning on doing :) 09:42 < cjwatson> different upstream projects with incompatible APIs 09:43 < cjwatson> more or less similar functions 09:43 < cjwatson> but AIUI switching from one to the other is basically a rewrite ** Changed in: py-macaroon-bakery (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
protobuf already is in main ** Changed in: protobuf (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
python3-pymacaroons still depends on python-nacl. However the MIR is for python-libncal. Can we remove one from the archive? ** Changed in: py-macaroon-bakery (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1747460] Re: [MIR] py-macaroon-bakery, protobuf, pyrfc3339
** Summary changed: - [MIR] py-macaroon-bakery, + [MIR] py-macaroon-bakery, protobuf, pyrfc3339 ** Description changed: py-macaroon-bakery == 1. Availability: all 2. Rationale: Macaroons is a new form of authorization mechanism. The macaroon bakery builds on pymacaroons, which allows it working at a higher level. In order for MAAS (and other projects) to support macaroon based authentication, this needs to be in main. This will allow projects to support remote/centralized authentication based on macaroons. 3. Security: No CVE's 4. QA: 0 bugs in debian/ubuntu 5. UI standards: None 6. Dependencies: Dependencies in universe: - - python3-pymacaroons (MIR LP: #1746772) - - python3-nacl (MIR LP: #1746772) - - python3-protobuf - - python3-rfc3339 + - python3-pymacaroons (MIR LP: #1746772) + - python3-nacl (MIR LP: #1746772) + - python3-protobuf + - python3-rfc3339 7. Standards: No lintian errors. Packaged with debhelper. Source format is 3.0 (quilt) Standards version: 4.4.1 8. Maintenance: Easy. 9. Background information: This is a required dependency to implement third party/centralized authentication alongside with pymacaroons. This is a new dependency that's required by MAAS. + + python3-protobuf + == + + 1. Availability: any + + 2. Rationale: + Dependency of python3-macaroonbakery. The library from this same source package, libprotobuf10, is already in main. + + 3. Security: + No CVE's + + 4. QA: + protobuf source, 10 bugs in debian, 11 ubuntu + + 5. UI standards: + None + + 6. Dependencies: + All in main + + 7. Standards: + No lintian errors. + + Packaged with debhelper. Source format is 3.0 (quilt) + + Standards version: 4.4.1 + + 8. Maintenance: + Easy. + + 9. Background information: + protobuf source already has binaries in main. This is just the python bindings that are required by macaroonbakery. ** Also affects: protobuf (Ubuntu) Importance: Undecided Status: New ** Also affects: pyrfc3339 (Ubuntu) Importance: Undecided Status: New ** Description changed: py-macaroon-bakery == 1. Availability: all 2. Rationale: Macaroons is a new form of authorization mechanism. The macaroon bakery builds on pymacaroons, which allows it working at a higher level. In order for MAAS (and other projects) to support macaroon based authentication, this needs to be in main. This will allow projects to support remote/centralized authentication based on macaroons. 3. Security: No CVE's 4. QA: 0 bugs in debian/ubuntu 5. UI standards: None 6. Dependencies: Dependencies in universe: - python3-pymacaroons (MIR LP: #1746772) - python3-nacl (MIR LP: #1746772) - python3-protobuf - python3-rfc3339 7. Standards: No lintian errors. Packaged with debhelper. Source format is 3.0 (quilt) Standards version: 4.4.1 8. Maintenance: Easy. 9. Background information: This is a required dependency to implement third party/centralized authentication alongside with pymacaroons. This is a new dependency that's required by MAAS. python3-protobuf == 1. Availability: any 2. Rationale: Dependency of python3-macaroonbakery. The library from this same source package, libprotobuf10, is already in main. 3. Security: No CVE's 4. QA: protobuf source, 10 bugs in debian, 11 ubuntu 5. UI standards: None 6. Dependencies: All in main 7. Standards: No lintian errors. Packaged with debhelper. Source format is 3.0 (quilt) - Standards version: 4.4.1 + Standards version: 3.9.8 8. Maintenance: Easy. 9. Background information: protobuf source already has binaries in main. This is just the python bindings that are required by macaroonbakery. + + + rfc3339 + == + + 1. Availability: all + + 2. Rationale: + Dependency of python3-macaroonbakery. + + 3. Security: + No CVE's + + 4. QA: + 0 bugs in debian/ubuntu + + 5. UI standards: + None + + 6. Dependencies: + All in main + + 7. Standards: + No lintian errors. 1 warning: + W: pyrfc3339 source: ancient-standards-version 3.9.6 (released 2014-09-17) (current is 4.1.3) + + Packaged with debhelper. Source format is 3.0 (quilt) + + 8. Maintenance: + Easy. + + 9. Background information: + Parser and generator of RFC 3339-compliant timestamps. This is a dependency for python3-macaroonbakery. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1747460 Title: [MIR] py-macaroon-bakery, protobuf, pyrfc3339 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs