[Bug 1861268] Re: [MIR] jeepney
** Changed in: python-secretstorage (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
This is now done: $ change-override -S -s groovy jeepney -c main Override component to main jeepney 0.4.3-1 in groovy: universe/misc -> main jeepney-doc 0.4.3-1 in groovy amd64: universe/doc/optional/100% -> main jeepney-doc 0.4.3-1 in groovy arm64: universe/doc/optional/100% -> main jeepney-doc 0.4.3-1 in groovy armhf: universe/doc/optional/100% -> main jeepney-doc 0.4.3-1 in groovy i386: universe/doc/optional/100% -> main jeepney-doc 0.4.3-1 in groovy ppc64el: universe/doc/optional/100% -> main jeepney-doc 0.4.3-1 in groovy riscv64: universe/doc/optional/100% -> main jeepney-doc 0.4.3-1 in groovy s390x: universe/doc/optional/100% -> main python3-jeepney 0.4.3-1 in groovy amd64: universe/python/optional/100% -> main python3-jeepney 0.4.3-1 in groovy arm64: universe/python/optional/100% -> main python3-jeepney 0.4.3-1 in groovy armhf: universe/python/optional/100% -> main python3-jeepney 0.4.3-1 in groovy i386: universe/python/optional/100% -> main python3-jeepney 0.4.3-1 in groovy ppc64el: universe/python/optional/100% -> main python3-jeepney 0.4.3-1 in groovy riscv64: universe/python/optional/100% -> main python3-jeepney 0.4.3-1 in groovy s390x: universe/python/optional/100% -> main Override [y|N]? y 15 publications overridden. ** Changed in: jeepney (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
** Merge proposal unlinked: https://code.launchpad.net/~gabriel1109/+git/python-openstackclient/+merge/384984 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
** Merge proposal linked: https://code.launchpad.net/~gabriel1109/+git/python-openstackclient/+merge/384984 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
Marking this as affecting python-secretstorage and tagging update-excuse so it's clear why this package is stuck in -proposed. ** Also affects: python-secretstorage (Ubuntu) Importance: Undecided Status: New ** Tags added: update-excuse -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
MIR team ack as discussed last cycle but needs security team review. ** Changed in: jeepney (Ubuntu) Assignee: James Page (james-page) => Ubuntu Security Team (ubuntu-security) ** Changed in: jeepney (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
** Changed in: jeepney (Ubuntu) Assignee: (unassigned) => James Page (james-page) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
Focal is now released, and Groovy has new python-secretstorage again, so please process jeepney MIR. ** Changed in: jeepney (Ubuntu) Status: Incomplete => New ** No longer affects: python-keystoneclient (Ubuntu) ** No longer affects: python-novaclient (Ubuntu) ** No longer affects: python-openstackclient (Ubuntu) ** Changed in: jeepney (Ubuntu) Milestone: later => None -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
Marking Incomplete for now and targetting to later. ** Changed in: jeepney (Ubuntu) Assignee: James Page (james-page) => (unassigned) ** Changed in: jeepney (Ubuntu) Status: New => Incomplete ** Changed in: jeepney (Ubuntu) Milestone: None => later -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
Ok, I will revert python-secretstorage to an older version then. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
Reflecting on this situation I think if we where not developing for an LTS release, having two python DBUS interfaces in main for an interim release period of 9 months might be acceptable; but we're not in that position so I'd suggest that we stick with the older python3-dbus based secretstorage for 20.04. This means we only have a single DBUS interface to support for an LTS (5/10 years) and we give the other upstream projects a bit more time to make the switch (maybe with some nudging/recommendation). We can review again at the start of the 20.10 development cycle to see how things have progressed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
This bug was fixed in the package python-openstackclient - 4.0.0-0ubuntu2 --- python-openstackclient (4.0.0-0ubuntu2) focal; urgency=medium * d/control: Drop python3-keyring as it is no longer used (LP: #1861268). -- Corey Bryant Tue, 04 Feb 2020 13:28:26 -0500 ** Changed in: python-openstackclient (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
This bug was fixed in the package python-novaclient - 2:16.0.0-0ubuntu2 --- python-novaclient (2:16.0.0-0ubuntu2) focal; urgency=medium * d/control: Drop python3-keyring as it is no longer used (LP: #1861268). -- Corey Bryant Tue, 04 Feb 2020 13:26:18 -0500 ** Changed in: python-novaclient (Ubuntu) Status: New => Fix Released ** Changed in: python-keystoneclient (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
This bug was fixed in the package python-keystoneclient - 1:3.22.0-0ubuntu2 --- python-keystoneclient (1:3.22.0-0ubuntu2) focal; urgency=medium * d/control: Move python3-keyring to Suggests since it is optional (LP: #1861268). -- Corey Bryant Tue, 04 Feb 2020 13:40:51 -0500 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
I've uploaded new versions of python-openstackclient, python-novaclient, and python-keystoneclient to focal to deal with the changes mentioned in comment #4. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
** Also affects: python-novaclient (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
python3-keyring isn't used by python-openstackclient or python- novaclient, so it can be dropped from those packages. It is still used by python-keystoneclient but it's optional, so can be carried as a Suggests, where it wonn't need to be in Ubuntu main. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
** Also affects: python-openstackclient (Ubuntu) Importance: Undecided Status: New ** Also affects: python-keystoneclient (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
I can temporarily revert to the old version of SecretStorage which used dbus-python, but this is not a long-term solution because dbus-python and libdbus are obsolete. I can also demote python3-keyring Depends on python3-secretstorage to Suggests, but in that case we will need another default backend. There are file-based backends in python3-keyrings.alt package, but there is no GUI to ask user for a password (only getpass module). Without a password it can store passwords unencrypted, which is definitely less secure. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
[Summary] Alternative D-Bus implementation for Python applications. MIR team -1 due to duplication of function; if we could switch over all reverse-depends in main this switch would be re-considered. I've asked the Ubuntu OpenStack team to review use of python3-keyring to see if we can remove 3/4 of the reverse-depends that hold keyring in main - launchpadlib seems to be a potential blocker. Would require security team review due to integration with D-Bus. [Duplication] Pure Python DBus implementation, fulfilling the same function as dbus-python. python-secretstorage has migrated to jeepney, however there are a large number of other packages that still depend on python3-dbus: $ reverse-depends -c main python3-dbus Reverse-Depends * hplip [amd64 arm64 armhf ppc64el s390x] * language-selector-common * networkd-dispatcher * python3-aptdaemon * python3-cupshelpers * python3-dbus-dbg * python3-secretstorage * software-properties-common * system-config-printer * system-config-printer-common * system-config-printer-udev [amd64 arm64 armhf ppc64el s390x] * ubiquity-frontend-gtk [amd64 arm64 armhf ppc64el] * ubuntu-release-upgrader-gtk * ubuntu-system-service * unattended-upgrades * update-manager * update-notifier [amd64 arm64 armhf ppc64el s390x] * update-notifier-common * usb-creator-common [amd64] * usb-creator-gtk [amd64] I suspect its unlikely that these will all migrate during the Focal timeframe so including this package into main would duplicate functionality. [Embedded sources and static linking] - no embedded source present - no static linking [Security] - no history of CVEs - does not use webkit1,2 - does not use lib*v8 directly - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) - does not run a daemon as root - does not open a port But it has quite some security sensitive elements: - does not parse data formats - integrates with D-Bus - access to all data passed in between Will require security team review. [Common blockers] - does not currently FTBFS - no translation present, but none needed - no python2 - has autopkgtests - lacks a team bug subscriber [Packaging red flags] - In sync with debian - symbols tracking not applicable for this code. - d/watch is present and works - Upstream update history is good - Limited Debian/Ubuntu history (new for focal) - the current release is packaged - no MOTU problem - no Lintian warnings - d/rules nice and clean - not using Built-Using - no golang package for extra considerations about that [Upstream red flags] - no errors during the build - no incautious use of malloc/sprintf (N/A) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no significant open bug reports upstream - no dependency on webkit, qtwebkit, seed or libgoa-* - no embedded source copies - not part of the UI for extra checks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
Looking at the reverse-depends in main for python3-keyring: $ reverse-depends -c main python3-keyring Reverse-Depends * python3-keystoneclient * python3-launchpadlib * python3-novaclient * python3-openstackclient keystoneclient has optional support for keyring (so could demote Depends->Suggests), novaclient and openstackclient have dropped support for keyring. python3-launchpadlib does require use of keyring still. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
** Changed in: jeepney (Ubuntu) Assignee: (unassigned) => James Page (james-page) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1861268] Re: [MIR] jeepney
** Description changed: [Availability] Available in Ubuntu Focal. [Rationale] python-secretstorage, which is in main because it's a dependency of python-keyring, has been using dbus-python for a long time. However, as dbus-python's README says, it “might not be the best D-Bus binding for you to use”: https://gitlab.freedesktop.org/dbus/dbus-python/blob/dbus-python-1.2.16/README#L13 Also, the Freedesktop wiki lists dbus-python among “Obsolete libraries”: https://www.freedesktop.org/wiki/Software/DBusBindings/#obsoletelibraries So the new release of secretstorage is now using jeepney, a lightweight pure Python D-Bus implementation instead of dbus-python (which was written in C). [Security] No security history. [Quality assurance] Upstream has a test suite, and it is being run during package build: https://launchpadlibrarian.net/459048962/buildlog_ubuntu-focal-amd64.jeepney_0.4.2-1_BUILDING.txt.gz + There is also an autopkgtest: + http://autopkgtest.ubuntu.com/packages/jeepney + [Dependencies] Depends: python3:any Build-Depends: debhelper-compat (= 12), dh-python, python3-all, python3-pytest, python3-sphinx, python3-sphinx-rtd-theme, python3-testpath [Standards compliance] Standards-Version: 4.4.1 [Maintenance] Maintained by me under the umbrella of Debian Python modules team. Maintenance is very simple, debian/rules is just 18 lines. ** Description changed: [Availability] Available in Ubuntu Focal. [Rationale] python-secretstorage, which is in main because it's a dependency of python-keyring, has been using dbus-python for a long time. However, as dbus-python's README says, it “might not be the best D-Bus binding for you to use”: https://gitlab.freedesktop.org/dbus/dbus-python/blob/dbus-python-1.2.16/README#L13 Also, the Freedesktop wiki lists dbus-python among “Obsolete libraries”: https://www.freedesktop.org/wiki/Software/DBusBindings/#obsoletelibraries So the new release of secretstorage is now using jeepney, a lightweight pure Python D-Bus implementation instead of dbus-python (which was written in C). [Security] No security history. [Quality assurance] Upstream has a test suite, and it is being run during package build: https://launchpadlibrarian.net/459048962/buildlog_ubuntu-focal-amd64.jeepney_0.4.2-1_BUILDING.txt.gz There is also an autopkgtest: http://autopkgtest.ubuntu.com/packages/jeepney [Dependencies] Depends: python3:any Build-Depends: debhelper-compat (= 12), dh-python, python3-all, python3-pytest, python3-sphinx, python3-sphinx-rtd-theme, python3-testpath [Standards compliance] Standards-Version: 4.4.1 [Maintenance] - Maintained by me under the umbrella of Debian Python modules team. + Maintained upstream in https://gitlab.com/takluyver/jeepney. - Maintenance is very simple, debian/rules is just 18 lines. + Maintained in Debian by me under the umbrella of Debian Python modules + team. Maintenance is very simple, debian/rules is just 18 lines. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1861268 Title: [MIR] jeepney To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/jeepney/+bug/1861268/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs