Uploaded all relevant fixes to python-jujuclient, websocket-client and juju-quickstart packages. Now ready for MIR approval team review.
** Description changed: - URL: https://launchpad.net/juju-quickstart - License: GNU Affero GPL v3 - Description: Help both new and experienced users quickly start Juju from Ubuntu. Juju Quickstart is an opinionated command-line tool that quickly starts Juju and the GUI, whether you've never installed Juju or you have an existing Juju environment running. + [juju-quickstart] - = Availability = + Availability: in universe, arch: all. - In universe + Rationale: key component for the Juju ecosystem. - = Rationale = + Security: no security history. No CVEs found. No suid or sgid + executables. No executables in /sbin or /usr/sbin. No daemons. No + privileged ports (although the Juju GUI does open a privileged port, + which this package deploys). One might consider Juju to be + security-sensitive, as it controls production deployments, and this + package bootstraps Juju. This package uses sudo, although this use is + scheduled to be removed. See bug 1282630. - It makes installing a key part of Ubuntu's cloud tools, Juju, much - easier. It also is useful to anyone who uses Juju with its GUI - regularly. + Quality assurance: - The following features, as described in https://launchpad.net/juju- - quickstart, support the above two assertions. + Upstream ships a thorough test suite which includes 100% SLOC coverage. + By design, this tool makes it possible to use juju with as minimal + configuration as possible and with no documentation reading, by + deploying the GUI for the user and presenting its interface. - * New users are guided, as needed, to install Juju, set up SSH keys, and configure it for first use. - * Juju environments can be created and managed from a command line interactive session. - * The Juju GUI is automatically installed, adding no additional machines (installing on an existing state server when possible). - * Bundles can be deployed, from local files, HTTP(S) URLs or the charm store, so that a complete topology of services can be set up in one simple command. - * Quickstart ends by opening the browser and automatically logging the user into the GUI, to observe and manage the environment visually. - * Users with a running Juju environment can run the quickstart command again to simply re-open the GUI without having to find the proper URL and password. + No debconf questions. No long-term outstanding bugs. - = Security = + No relevant packaging bugs. There are a number of active bugs open + upstream; these are being actively worked on by upstream. This package + does not deal with exotic hardware. The upstream test suite is run as + part of the package build, and a failing test suite fails the package + build. A debian/watch file exists and is functional. - Since we are not in Universe, our history is weak at best. However, I - do not believe we fail any of the security checks, though we do ask for - sudo in some cases (specifically to install juju's stable PPA and juju - itself). + UI standards: - = Quality Assurance = + This is an end-user console application and is not internationalized + (not translatable). This is tracked in bug 1292026. - We have a very thorough test suite with 100% coverage by line - measurements. + The package does not ship a desktop file. As a console application + designed for developer use, a desktop file has minimal relevance for + developers. - Bugs are tracked in https://bugs.launchpad.net/juju-quickstart . + Dependencies: - Violation: "If the package ships a test suite, and there is no obvious - reason why it cannot work during build (e. g. it needs root privileges - or network access), it should be run during package build, and a failing - test suite should fail the build." We can work to incorporate it into - the build process. + urwid, python-jujuclient and websocket-client are dependencies in + universe. MIR reports follow in this bug. - = UI standards = + Standards compliance: standard and minimal dh sequencer based packaging. + FHS compliant and the packaging is up to current Debian policy. - "End-user applications must be internationalized (translatable), using - the standard intltool/gettext build and runtime system and produce a - proper PO template during build." Not yet done. + Maintenance: - = Dependencies = + Actively maintained upstream, by the Juju GUI team. ~ubuntu-server + commits to maintaining this package in Ubuntu and is subscribed to + package bugs. - python-jujuclient, python-urwid - = Standards compliance = + [urwid] - Our current packaging is certainly simple. I hope that it complies to - standards but am not familiar with them beyond the most cursory read. + Availability: in universe and built on all architecture. - = Maintenance = + Rationale: dependency of juju-quickstart. - The Juju GUI team are the current maintainers (https://launchpad.net/~juju-gui). - Ubuntu server team will pick bug triage alongside juju-core in distro. + Security: no security history. No CVEs found. No suid or sgid + executables. No executables in /sbin or /usr/sbin. No daemons. No + privileged port use is apparent. urwid is a UI library, so may be used + as a UI in security sensitive software, although this isn't the case + with juju-quickstart. + + Quality assurance: + + As a library, this package is functional on installation. No debconf + questions. No major long-term outstanding bugs. Upstream is active. No + use of exotic hardware. + + Test-related packaging bugs in Debian are all fixed in Debian svn. The + only other bug in Debian is believed fixed already. Upstream has more + bugs, but none of them appear to be major issues for general urwid use. + + No use of exotic hardware. Test suite is run as part of the package + build, and fails the build if tests fail. debian/watch file is out of + date, but fixed in current Debian svn. + + UI standards: N/A + + Dependencies: all in main. + + Standards compliance: minimal cdbs+debhelper based packaging. Ideally + this would use the dh sequencer now, and I get the impression that DPMT + would be happy to switch it. But urwid is a relatively slow moving + project, and the rules file is simple and minimal enough that it doesn't + seem worth switching just for the sake of it. If there is a problem that + requires a change, then it could be switched to dh at that time easily + enough. FHS compliant and the packaging is up to current Debian policy. + + urwid is a long-lived relatively stable package, with minimal + maintenance requirements. Upstream is active though, and all bugs in + Debian BTS are fixed in Debian svn. ~ubuntu-server commits to + maintaining this package in Ubuntu and is subscribed to package bugs. + + + [python-jujuclient] + + Availability: in universe, arch: all. + + Rationale: dependency of juju-quickstart. + + Security: no security history. No CVEs found. No suid or sgid + executables. No executables in /sbin or /usr/sbin. No daemons. No + privileged ports. python-jujuclient is used by juju-quickstart to manage + deployments; the deployments themselves are security-sensitive. + + Quality assurance: + + As a library, this package is functional on installation. No debconf + questions. No long-term outstanding bugs. Upstream is active. No use of + exotic hardware. + + No relevant upstream test suite. + + debian/watch file is present and working. + + UI standards: N/A + + Dependencies: websocket-client is in universe (also see bug 1292502 + regarding the package naming of this dependency). MIR report follows. + + Standards compliance: standard and minimal dh sequencer based packaging. + FHS compliant and the packaging is up to current Debian policy. + + Maintenance: actively maintained upstream, by Kapil Thangavelu. + ~ubuntu-server commits to maintaining this package in Ubuntu and is + subscribed to package bugs. The upstream code says: "Seriously Alpha. + Works now, but API *will* change". Upstream responds: "yeah.. i should + take that out, it was commentary from the first release against the api, + but in truth it has been pretty stable to date". + + + [websocket-client] + + Availability: in universe, arch: all. + + Rationale: dependency of python-jujuclient. + + Security: no security history. No CVEs found. No suid or sgid + executables. No executables in /sbin or /usr/sbin. No daemons. This + library is a client for the WebSocket protocol, and as such will + generally handle untrusted input, although this isn't the case with + juju-quickstart. + + Quality assurance: + + As a library, this package is functional on installation. No debconf + questions. No major long-term outstanding bugs. Upstream is active. No + use of exotic hardware. Test suite is run as part of the package build, + and fails the build if tests fail. debian/watch file is present and + working. + + There was an issue with a conflict between Debian and Ubuntu packaging + and tracked in bug 1292502, but this is now resolved. The upstream test + suite had to be imported using a distribution patch in order to run it + as part of the package build (bug 1292511); this was reported to + upstream, so hopefully will be fixed upstream soon so that the + distribution patch can be removed. + + UI standards: N/A + + Dependencies: all in main. + + Standards compliance: standard and minimal dh sequencer based packaging. + FHS compliant and the packaging is up to current Debian policy. + + Maintenance: upstream is active. ~ubuntu-server commits to maintaining + this package in Ubuntu and is subscribed to package bugs. ** Changed in: juju-quickstart (Ubuntu Trusty) Status: In Progress => New ** Changed in: juju-quickstart (Ubuntu Trusty) Assignee: Robie Basak (racb) => (unassigned) ** Changed in: python-jujuclient (Ubuntu Trusty) Status: Incomplete => New ** Changed in: urwid (Ubuntu Trusty) Status: Incomplete => New ** Changed in: websocket-client (Ubuntu Trusty) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1273865 Title: [MIR] juju-quickstart To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju-quickstart/+bug/1273865/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
