[Bug 1820182] Re: [MIR] django-filter as dependency of mailman3
After evaluating dependencies, required further changes and mostly maintainability for security and packaging it was decided there are too many concerns - not about any single package in particular, but the overall Mailman3 stack - about the ability to maintain and monitor it as well as we need it for support in main. We have closed the primary LP bug already, the MIRs that are already approved - like this one - will stay that way, but we will make no seed change to pull things in for now. Yet if other needs come up for those they have a prepared MIR already. Other bugs which are not yet completed in terms of review will be closed as Won't Fix. Even thou it ended being aborted, I think that is a valid outcome of the MIR evaluations. Never the less I want to thank everybody involved for all the work spent in what was nearly a year working through these MIRs. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820182 Title: [MIR] django-filter as dependency of mailman3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/django-filter/+bug/1820182/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1820182] Re: [MIR] django-filter as dependency of mailman3
[Duplication] No duplication of that functionality in the Archive in general or main in particular. [Embedded sources and static linking] This package does not contain embedded library sources. This package doe not statically link to libraries. No Go package [Security] I can confirm that there seems to be no CVE/Security history for this package. It Does not: - run a daemon as root - uses old webkit - uses lib*v8 directly - open a port - uses centralized online accounts - integrates arbitrary javascript into the desktop - deals with system authentication - processes arbitrary web content - parse data formats Django after all is a web framework, but this component seems to be on the other end and not exposed. Therefore IMHO there is no security review needed for this. [Common blockers] - builds fine at the moment - server Team committed to subscribe once this gets promoted (enough for now) - code is not user visible, no translation needed - dh_python is used - package produces python2 bits, but they are not pulled into main by mailman3 - utilizes build time self tests [Packaging red flags] - no current ubuntu Delta to evaluate - no library with classic symbol tracking - watch file is present - Lintian warnings are present bug ok - debian/rules is rather clean - no usage of Built-Using - no golang package that would make things harder [Upstream red flags] - no suspicious errors during build (a few warnings, but nothing concerning) - it is pure python, so no incautious use of malloc/sprintf - no use of sudo, gksu - no use of pkexec - no use of LD_LIBRARY_PATH - no important open bugs - no Dependency on webkit, qtwebkit, libgoa-* - no embedded copies in upstream either [Summary] Ack from the MIR-Teams POV, as outlined above for this component a security review seems not required. ** Changed in: django-filter (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820182 Title: [MIR] django-filter as dependency of mailman3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/django-filter/+bug/1820182/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1820182] Re: [MIR] django-filter as dependency of mailman3
** Description changed: [Availability] Package is in universe. Builds for python 2 and 3, but we only need python3-django-filters. [Rationale] This is part of the MIR activity for all dependencies of mailman3 The "main" MIR of it is at bug 1775427: Mailman (2) has only python2 support, but we strive for python3, therefore Mailman3 which has python3 support should be promoted to main. django-filter is used by python3-djangorestframework - [Security] No known CVEs found. [Quality assurance] As part of the mailman3 stacks as of now (Disco) this installs fine and works fine. On itself it is useful to (many) other dependencies and does not need a post install configuration on its own. Package does not ask debconf questions. Launchpad bugs (0): https://bugs.launchpad.net/ubuntu/+source/django- filter Debian bugs (0): https://bugs.debian.org/cgi- bin/pkgreport.cgi?repeatmerged=no&src=django-filter Upstream issues: https://github.com/carltongibson/django-filter/issues No significant bugs. Package seems well maintained at https://tracker.debian.org/pkg/django- filter Package does not depend on exotic hardware. - Package does not ship a test suite. + Package does ship a test suite and passed on build. Package has a watch file. No significant lintian issues. Package does not rely on obsolete or about to be demoted packages. - [UI standards] Not an end user application [Dependencies] Some dependencies are not in main, but we drive MIR for all related packages that are not in main at the same time. Please check the list of bugs from the main Mailman3 MIR in bug 1775427 to get an overview. [Standards compliance] Package follows standard python install practices. [Maintenance] The Server team will subscribe for the package for maintenance, but in general it seems low on updates and currently is a sync from Debian. [Background] Good package description. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1820182 Title: [MIR] django-filter as dependency of mailman3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/django-filter/+bug/1820182/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs