FYI some references: - initial beautifulsoup MIR https://bugs.launchpad.net/ubuntu/+source/beautifulsoup/+bug/492560 - switching to beautifulsoup4 https://bugs.launchpad.net/ubuntu/+source/beautifulsoup4/+bug/1252623
Ack on the rationale, here the ref's of both projects [1][2] for this switch. But this will need to go through the security Team's review (again) as it is not copying the former code from beautifulsoup4 as-is but is "a more complete CSS selector implementation". I agree that the autopkgtests are extensive (good) but currently fail on all architectures. That should be resolved so that there is a good baseline and broken uploads will be gated. Seems to be the same set of errors in py2 and the py3 case. The License was confusing at first using the ambiguous MIT license term in the project itself, but the package correctly identified it as the Expat license so things are ok here. There is some minor packaging issues which would be nice to be resolved, but are not critical. => source-contains-empty-directory docs/theme/ (and it makes the tarball mismatch the packaging git) The upstream tarball at [3] has content in that directory $ ll docs/theme/ -rw-rw-r-- 1 paelzer paelzer 1168 Jan 23 07:16 extra-0b9b22dd13.js -rw-rw-r-- 1 paelzer paelzer 7006 Jan 23 07:16 extra-83f68d2c59.css So I assume that is part of the +dfsg packaging and should be improved just to be sure. Further ok checks: - Since the new beautifulsoup drops that function I see no code duplication issue. - no embedded remote sources nor static linking - dh-python is used I currently see both main packages in main: - python-bs4 - python3-bs4 But the new python-bs4 will pull python2 elements into main. py2 dependencies in main are actively removed fromt he archive one by one and it is discouraged for new MIRs. And python-bs4 would depend on the py2 python-soupsieve. I only found this in the seeds (referring to the old MIR) ubuntu-git/development:54: * python3-webtest And that only pulls in python3-bs4 which would be ok. I checked and currently (disco) python-lxml is pulling python-bs4 into main. That dependency should be broken if possible to not add (semi-)new python2 dependencies. I saw no team subscriber to the package yet, but that is a requirement for the MIR process. Please get a Team to own (state it here) and subscribe to the package for maintenance. Other than that this LGTM and IMHO this could go on as a MIR once the findings above are resolved. [1]: https://facelessuser.github.io/soupsieve/ [2]: https://bazaar.launchpad.net/~leonardr/beautifulsoup/bs4/view/head:/CHANGELOG#L16 [3]: https://pypi.debian.net/soupsieve/soupsieve-1.7.3.tar.gz Summary: - @requestor: please resolve the autopkgtest failures - @requestor: get a team to ack owning and subscribing to the package - @requestor: break the dependency python-lxml -> python-bs4 -> python-soupsieve to not pull new py2 code into main - Once the above is resolved it can enter the review queue of the security Team ** Changed in: soupsieve (Ubuntu) Assignee: Christian Ehrhardt (paelzer) => (unassigned) ** Changed in: soupsieve (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1814500 Title: [MIR] soupsieve (dependency of beautifulsoup4) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backports.functools-lru-cache/+bug/1814500/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
