** Description changed:
+ 1. Availability:
+ The package is already in the Ubuntu universe, and builds for amd64
+ (arch=all package), see [1].
+
+ 2. Rationale:
+ This formerly was part of the ruby<version> [2] packages which are in main.
There is a userbase relying on it, but due to this part of it now separated
into an extra package we have to MIR it.
+
+ 3. Security:
+ This is a bit of a special case, as it was part of a Main package before,
just now being separated I think we don't need an extra security check again.
+
+ But while not needing a new review a short 'ack' to that assumption by
+ the security team should be requested. Given that the list [2] is not
+ short.
+
+ 4. Quality assurance:
+ The package is a lib, so it is not usable on its own but dragged in via
dependencies as needed and just as usable as it was prior the de-bundling.
+
+ The package has no huge list of long standing bugs [4][5] and lintian
+ --pedantic is kind of happy with it as well.
+
+ Build time tests are existing and run [6]
+ 48 tests, 242 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0
notifications
+
+ Also there are no outdated dependencies present.
+
+ 5. UI standards:
+ This has no UI facing tools on it'S own, so this section is n/a
+
+ 6. Dependencies:
+ This will be a leaf package
+ It will be pulled in main by ruby2.5 -> libruby -> ruby-xmlrpc
+
+ 7. Standards compliance:
+ The package should meet the [[http://www.pathname.com/fhs/|FHS]] and
[[http://www.debian.org/doc/debian-policy/|Debian Policy]] standards. Major
violations should be documented and justified. Also, the source packaging
should be reasonably easy to understand and maintain.
+
+ 8. Maintenance:
+ The server team will subscribe to this as it is for ruby2.5 which this was
separated from.
+
+ OTOH it is a very simple package and reasonably maintained in Debian, so
+ hopefully we can just sync it from Debian most of the time.
+
+ 9. Background information:
+ As mentioned multiple times, this is only making up for a split of some bits
of src:ruby2.5 into this src:ruby-xmlrpc - it has its own GH page [7] if your
want to check the project.
+
+ [1]: https://launchpad.net/ubuntu/+source/ruby-xmlrpc/0.3.0-2
+ [2]: https://launchpad.net/ubuntu/+source/ruby2.5
+ [3]:
https://www.cvedetails.com/product/12215/Ruby-lang-Ruby.html?vendor_id=7252
+ [4]: https://bugs.launchpad.net/ubuntu/+source/ruby2.5
+ [5]: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=ruby2.5
+ [6]:
https://launchpadlibrarian.net/379621157/buildlog_ubuntu-cosmic-amd64.ruby-xmlrpc_0.3.0-2_BUILDING.txt.gz
+ [7]: https://github.com/ruby/xmlrpc
+
+
+ ---
+
ruby-xmlrpc 0.3.0 is a bundled_gem part of the libruby2.5 ABI, whilst
previously missing it is available now as a stand alone package which
ruby2.5 depends on.
please promote to main.
maintained and embeded by ruby interpreter upstream themselves, similar
to other bundled gems i.e. ruby-openssl.
** Changed in: ruby-xmlrpc (Ubuntu)
Assignee: Ubuntu Server (ubuntu-server) => Ubuntu Security Team
(ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1794091
Title:
[MIR] ruby-xmlrpc
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-xmlrpc/+bug/1794091/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
