[Duplication]
No duplication of that functionality in the Archive in general or main in
particular.
[Embedded sources and static linking]
This package does not contain embedded library sources.
This package does not statically link to libraries.
No Go package
[Security]
I can confirm that there seems to be no CVE/Security history for this package.
It Does not:
- run a daemon as root
- uses old webkit
- uses lib*v8 directly
- uses centralized online accounts
- integrates arbitrary javascript into the desktop
- deals with system authentication
But it does:
- processes arbitrary web (actually smtp) content
- parse data formats
- open a port (indirectly, but it processes network data)
It is a python implemented SMTP server, therefore is recommended to get
a security check.
[Common blockers]
- builds fine at the moment
- server Team committed to subscribe once this gets promoted (enough for now)
- code is not user visible, no translation needed
- dh_python is used
- package produces only python3 binaries
- utilizes build time self tests
[Packaging red flags]
- no current ubuntu Delta to evaluate
- no library with classic symbol tracking
- watch file is present
- Lintian warnings are present but ok
- debian/rules is rather clean
- no usage of Built-Using
- no golang package that would make things harder
[Upstream red flags]
- no suspicious errors during build (a few warnings, but nothing concerning)
- the flurry of warnings is only on the rst doc and seems no deal breaker
- it is pure python, so no incautious use of malloc/sprintf
- no use of sudo, gksu
- no use of pkexec
- no use of LD_LIBRARY_PATH
- no important open bugs
- no Dependency on webkit, qtwebkit, libgoa-*
- no embedded copies in upstream either
[Summary]
Ack from the MIR-Teams POV, but as outlined above a security review is
recommended.
Assigning the security Team.
** Changed in: python-aiosmtpd (Ubuntu)
Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1820212
Title:
[MIR] python-aiosmtpd as dependency of mailman3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-aiosmtpd/+bug/1820212/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
