Note: There is still some unanswered question Christian asked on ipp-usb about confinement and the daemon that needs to be answered before going further.
golang-github-openprinting-goipp: [Summary] - MIR Team ack from a packaging and code POV. - Needs Security team review [Duplication] Nothing to add over the top request. Providing and use of Go native binding is welcome. [Dependencies] OK: - no other Dependencies to MIR - only one -dev package that needs to be in main due to the nature of Go library (statically linked) [Embedded sources and static linking] OK: - no embedded source present - no static linking, only ship source code [Security] OK: - no CVEs, but really fresh new package. - it does use Go battle-proof http stack - does not use webkit2,2 - does not use lib*v9 directly - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) Problems: - parse data formats, but only in pure Go, via consts. Should be safe but better to double check with Security - does not open a port - does not run a daemon as root [Common blockers] OK: - does not FTBFS currently - does have a test suite that runs at build time (but fairly minimal) - test suite fails will fail the build upon error. - no translation present, but none needed - not a python package, no extra constraints to consider int hat regard - Go package that uses dh-golang - Team subscription is now OK [Packaging red flags] OK: - Ubuntu does not carry a delta - symbols tracking not applicable for this kind of code. - d/watch is present and looks ok - Upstream update history is good - Debian/Ubuntu update history is good, but short - there is no official release yet so it’s a git snapshot (latest upstream commit) - promoting this does not seem to cause issues for MOTUs that so far maintained the package - no massive Lintian warnings - d/rules is clean and minimal - Go package that follows the Debian Go packaging guidelines [Upstream red flags] OK: - standard and comprehensible Go code. - use of go modules. - no Errors/warnings during the build - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian or Ubuntu - no dependency on webkit, qtwebkit, seed or libgoa-* - no embedded source copies - not part of the UI for extra checks - no upstream bug opened at this date (none over the lifetime of the project) ** Changed in: golang-gopkg-ini.v1 (Ubuntu) Assignee: (unassigned) => Didier Roche (didrocks) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1891157 Title: [MIR] ipp-usb To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/golang-github-openprinting-goipp/+bug/1891157/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs