golang-github-tarm-serial:
[Summary]
With the requirement that foundations (or another team) subscribe to the
package bugs,
this is an ACK from the MIR team.
Additionally, I will note that the latest packaged version in Debian/Groovy is
from
2015, and the Debian/Ubuntu package should be updated to the latest upstream
code.
However, the last upstream commit is from 2018, so I won't block MIR on this.
This does not need a security review.
Notes/TODOs:
- specific binary packages to be promoted to main:
golang-github-tarm-serial-dev
Summary of problems:
- single test case not run during build or as autopkgtest, but appears to
require specific hw
- no bug team subscriber
- no debian/watch file
- very slow upstream (last commit from 2018)
- Debian still using upstream code from 2015
I believe the lack of running test case and slow pace of upstream commits can
be ignored
as the package is rather simple.
[Duplication]
- There is no other package in main providing the same functionality.
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion
[Embedded sources and static linking]
OK:
- no embedded source present
- golang, so static linked
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
[Common blockers]
OK:
- does not FTBFS currently
- no translation present, but none needed for this case
- Go package that uses dh-golang
Problems:
- does have a test suite (single test), but does not run at build time, nor as
autopkgtest
The test case appears to require some specific USB serial device(s), which is
likely
why it isn't run during build or as autopkgtest.
- The package does not have a team bug subscriber
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- promoting this does not seem to cause issues for MOTUs
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- Go Package that follows the Debian Go packaging guidelines
Problems:
- d/watch is not present
- there are no upstream releases
as there are no upstream releases, the lack of a watch file is not likely a
serious problem, as there are no new releases to update to.
- Upstream update history is very slow
the last upstream commit is from 2018, however this package is very simple,
so the lack of regular upstream commits may not be problematic
- Debian/Ubuntu update history is nonexistent
the Debian package is using upstream code from 2015, and should be updated
to the latest upstream code (which, again, is from 2018)
[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks
** Changed in: golang-github-tarm-serial (Ubuntu)
Assignee: Dan Streetman (ddstreet) => Balint Reczey (rbalint)
** Changed in: golang-github-tarm-serial (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1894731
Title:
[MIR] golang-*, Go build dependencies of google-guest-agent
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/golang-github-gcp-guest-logging-go/+bug/1894731/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
