Public bug reported: [Availability]
Available in universe in all currently supported releases. [Rationale] src:php7.0 is currently patched to not build php-xmlrpc due to component-mismatch. Previously, php5-xmlrpc was in main and built from src:php5. The PHP 5 version of the xmlrpc extension did not have a build dependency on xmlrpc-epi, but Debian's PHP 7.0 has added it. End-users will expect to find, generally, the same extensions available in Xenial as on Trusty (accounting for the version change) in the same components. [Security] php7.0 has been promoted to main, and php7.0-xmlrpc re-enablement would result in that package also being in main. php-xmlrpc is included with and supported as part of the core PHP release in all currently supported versions. It therefore has security support from the core PHP team. It also has security support from upstream Debian. xmlrpc-epi itself shows no results from CVEs or NVD. There is one mention of a php-xmlrpc CVE that may be relevant: http://cve.mitre.org /cgi-bin/cvename.cgi?name=CVE-2014-8626, but it only affects older version of PHP. The xmlrpc-epi package does not install any executables or services. [Quality assurance] There is nothing to start upon installation of xmlrpc-epi. The binary packages produced provide shared libraries. There are no debconf questions asked during installation. Upstream xlmrpc-epi bugs: https://sourceforge.net/p/xmlrpc-epi/bugs - None seem significant. Debian bugs: https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=xmlrpc-epi - The only bug affects mips only. Ubuntu bugs: https://launchpad.net/ubuntu/+source/xmlrpc-epi/+bugs - No bugs found. In Debian, there are a few lintian errors, but it is otherwise clean (https://packages.qa.debian.org/x/xmlrpc-epi.html). This xmlrpc-epi package does not deal with hardware. The xmlrpc-epi package does not ship a test suite. The xmlrpc-epi package has a debian/watch file, although PTS indicates it might be invalid currently. [Dependencies] All build and binary dependencies are satisfiable in main. [Standards compliance] The current package meets Debian Policy 3.9.2 (current is 3.9.6). [Maintenance] The php7.0 source package is already maintained by Ubuntu Developers, who are responsible for providing security updates for several other binary packages from php7.0 source. Bugs and security issues that affect php-xmlrpc will typically affect core as well and require updates. Security issues which affect xmlrpc-epi are rare so the extra workload required should hopefully be minimal. [Background information] To be clear, php5-xmlrpc was in main before we demoted php5 to universe (with the intention of removing it from the archive). It makes sense to keep php7.0-xmlrpc in main, correspondingly, and this is the only build dependency needed to do so. ** Affects: php7.0 (Ubuntu) Importance: Undecided Status: New ** Affects: xmlrpc-epi (Ubuntu) Importance: Undecided Status: New ** Also affects: php7.0 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1547700 Title: [MIR] xmlrpc-epi To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1547700/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
