[Duplication]
No other comparable filtering dbus proxy in the archive (and none in main
obviously)
[Embedded sources and static linking]
- no embedded sources
- no golang
- no static linking
[Security]
- no CVEs on top of the reported and fixed CVE-2018-6560
- does not run a daemon as root
- does not uses webkit1,2 (in fact only becomes important with webkit2gtk 2.26)
- does not use lib*v8 directly
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
It does
- parses data formats
- opens a port (not a classic one but on dbus)
- does not processes arbitrary web content, but semi arbitrary dbus messages
- does not deals with system authentication (eg, pam), etc), but dbus is
involved there and due to that it is as well.
This needs a security review, which fortunately already was done.
So we can feel safe on that side.
[Common blockers]
- builds on all arches without FTBFS
- has a (minimal) build time test
- has a autopkgtest
- code/msg isn't really user visible (no translations needed)
- not a python package
- Desktop Packages is subscribed
- Desktop packages is subscribed
[Packaging red flags]
- no Ubuntu delta
- no library that is exposed for symbols tracking
- watch file present
- update history seems ok
- current release packaged
- no MOTU conflict
- no massive Lintian warnings
- debian/rules is small and clean
- no Built-Using
- no golang checks needed
[Upstream red flags]
- no warning/errors on build
- no incautious use of malloc/sprintf that came up in checkers
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no known Important bugs (crashers, etc) in Debian or Ubuntu
- no Dependency on webkit, qtwebkit, seed or libgoa-* (but vice versa)
- no Embedded source copies
[Summary]
This package seems fine - ACK for the MIR Team
** Changed in: xdg-dbus-proxy (Ubuntu)
Status: New => Fix Committed
** Changed in: xdg-dbus-proxy (Ubuntu)
Assignee: Christian Ehrhardt (paelzer) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1811824
Title:
[MIR] xdg-dbus-proxy
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xdg-dbus-proxy/+bug/1811824/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
