[Summary] While duplication usually is a reason to nack that is ok for this package that only has non-active code - if the Desktop Team wants to own it. They will own it that way for all the lifetime of Bionic anyway.
The process exists to ensure maintenance is doable and quality is ok, and here forcing the premature transition probably causes more fall-out than we gain by avoiding to maintain gsfonts + fonts-urw-base35 for now. @Desktop: But still, do yourself a favor and complete the transition in 20.10 to get rid of gsfonts some day. @Desktop - you need to add the package subscription, that isn't done yet. Other than that it is safe and well packaged. => MIR Team ack, no security review needed [Duplication] There is a problem with duplication here. I'm not a fonts expert so I beg your pardon if there are fine details that differ. But it seems that there are: - libgs9-common (src:ghostscript) - gsfonts - fonts-urw-base35 There is currently a transition from gsfonts -> fonts-urw-base35 happening. This is also reflected in what one can see in the archive. E.g. ghostscript does this transition and therefore is blocked atm. But gsfonts is in main still and I doubt we can make the transition complete in Focal. But this is a low effort maintenance package, I guess it is ok to have the Desktop Team own both in Focal without much drawback. gsfonts already is owned by Desktop. Adding fonts-urw-base35 while strictly speaking is a duplicate is ok as it has no active code and changes rarely. [Dependencies] OK: - no other dependencies from this package that need to be MIRed - no -dev/-debug/-doc packages with extra deps that would be auto-incldued that need exclusion later on promotion [Embedded sources and static linking] OK: - no embedded source present - no static linking [Security] OK: - history of CVEs does not look concerning (none) - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not parse data formats - does not open a port - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) => No security review needed [Common blockers] OK: - does not FTBFS currently - no translation present, but none needed for this case - not a python package, no extra constraints to consider int hat regard - It has no tests which usually is a blocker, but ok for a fonts package I'd think Problems: - Desktop isn't subscribed - it does need a team bug subscriber [Packaging red flags] OK: - Ubuntu does not carry a delta - symbols tracking not applicable for this kind of code. - d/watch is present and looks ok - Upstream update history is good - Debian/Ubuntu update history is good - the current release is packaged - promoting this does not seem to cause issues for MOTUs that so far maintained the package - no massive Lintian warnings - d/rules is rather clean - not using Built-Using [Upstream red flags] OK: - no Errors/warnings during the build - no incautious use of malloc/sprintf - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian, Ubuntu or Upstream - no dependency on webkit, qtwebkit, seed or libgoa-* - no embedded source copies - not part of the UI for extra checks (If this is a scope for the Unity Dash, does it honor the privacy settings?) ** Bug watch added: Debian Bug tracker #932897 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932897 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1862048 Title: [MIR] fonts-urw-base35 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fonts-urw-base35/+bug/1862048/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
