[Summary] MIR team Ack, it is a small reasonable package without too much attack surface nor any obvious flaws.
List of specific binary packages to be promoted to main: libbackuppc-xs- perl [Duplication] There is no other package in main providing the same functionality. [Dependencies] OK: - no other Dependencies to MIR due to this - no -dev/-debug/-doc packages that need exclusion [Embedded sources and static linking] OK: - no static linking Problems: - embedded source zlib is ok (present, but patched out and not used) - embedded source md5 is ok (this one is used, but it is from rsync which does not provide it as a reusable library). While there would be options from libbsd and libssl I think there are so many custom md5's out there, just many don't state it as external code - that I think this isn't a blocker) I filed https://github.com/backuppc/backuppc-xs/issues/7 for it [Security] OK: - history of CVEs does not look concerning - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not parse data formats - does not open a port - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) [Common blockers] OK: - does not FTBFS currently - does have a test suite that runs at build time (trivial test but yes) - test suite fails will fail the build upon error. - does have a test suite that runs as autopkgtest - The package has a team bug subscriber - no translation present, but none needed for this case (user visible)? - not a python/go package, no extra constraints to consider int hat regard - no new python2 dependency [Packaging red flags] OK: - Ubuntu does not carry a delta - symbols tracking not applicable for this kind of code. - d/watch is present and looks ok - Upstream update history is good - Debian update history is good - the current release is packaged - promoting this does not seem to cause issues for MOTUs that so far maintained the package - no massive Lintian warnings - d/rules is rather clean - Does not have Built-Using [Upstream red flags] OK: - no Errors/warnings during the build (some minimal warnings due to the new compiler for Wformat-truncation, but nothing severe) => https://github.com/backuppc/backuppc-xs/issues/6 - no incautious use of malloc/sprintf (as far as I can check it) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian or Ubuntu - no dependency on webkit, qtwebkit, seed or libgoa-* - not part of the UI for extra checks ** Bug watch added: github.com/backuppc/backuppc-xs/issues #7 https://github.com/backuppc/backuppc-xs/issues/7 ** Bug watch added: github.com/backuppc/backuppc-xs/issues #6 https://github.com/backuppc/backuppc-xs/issues/6 ** Changed in: libbackuppc-xs-perl (Ubuntu) Status: New => In Progress ** Changed in: libbackuppc-xs-perl (Ubuntu) Assignee: Christian Ehrhardt (paelzer) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1910262 Title: [MIR] libbackuppc-xs-perl To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/backuppc-rsync/+bug/1910262/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
