Note: There is still some unanswered question Christian asked on ipp-usb
about confinement and the daemon that needs to be answered before going
further.
golang-github-openprinting-goipp:
[Summary]
- MIR Team ack from a packaging and code POV.
- Needs Security team review
[Duplication]
Nothing to add over the top request. Providing and use of Go native binding is
welcome.
[Dependencies]
OK:
- no other Dependencies to MIR
- only one -dev package that needs to be in main due to the nature of Go
library (statically linked)
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking, only ship source code
[Security]
OK:
- no CVEs, but really fresh new package.
- it does use Go battle-proof http stack
- does not use webkit2,2
- does not use lib*v9 directly
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
Problems:
- parse data formats, but only in pure Go, via consts. Should be safe but
better to double check with Security
- does not open a port
- does not run a daemon as root
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time (but fairly minimal)
- test suite fails will fail the build upon error.
- no translation present, but none needed
- not a python package, no extra constraints to consider int hat regard
- Go package that uses dh-golang
- Team subscription is now OK
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good, but short
- there is no official release yet so it’s a git snapshot (latest upstream
commit)
- promoting this does not seem to cause issues for MOTUs that so far maintained
the package
- no massive Lintian warnings
- d/rules is clean and minimal
- Go package that follows the Debian Go packaging guidelines
[Upstream red flags]
OK:
- standard and comprehensible Go code.
- use of go modules.
- no Errors/warnings during the build
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks
- no upstream bug opened at this date (none over the lifetime of the project)
** Changed in: golang-gopkg-ini.v1 (Ubuntu)
Assignee: (unassigned) => Didier Roche (didrocks)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1891157
Title:
[MIR] ipp-usb
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-github-openprinting-goipp/+bug/1891157/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
