[Summary]
We need to assess the situation of package updates. We are several releases behind (5 years behind) and have some CVE as distro-patch as a consequence. Some DD just took it over in January it seems, but didn’t update to current releases.

List of specific binary packages to be promoted to main: libintl-perllib libintl-xs-perl

Required TODOs:
- Assess the package update situation and health of the Debian team responsible for it.

[Duplication]
Other Perl modules deal with i18n, but it seems none give the same gettext functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this (perlapi-5.32.1 is a virtual package provided by perl-base)
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (e.g. pam, etc.)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite will fail upon error.
- does have a test suite that runs as autopkgtest
- no translation present, but none needed for this case
- not a python/go package, no extra constraints to consider in that regard

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- no symbols tracking for this kind of libs
- d/watch is present and looks ok
- Upstream update history is good
- promoting this does not seem to cause issues for MOTUs that so far
- no massive Lintian warnings
- d/rules is rather clean (=the minimum)
- Does not have Built-Using

Problems:
- Debian/Ubuntu update history is not good: we are several releases behind (1.26 released in 2016 and current is 1.32), some CVE has been distro-patched due to this.
- the current release is not packaged and lagging behind (the version

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (perl)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

** Changed in: libintl-perl (Ubuntu)
     Assignee: Didier Roche (didrocks) => (unassigned)

** Changed in: libintl-perl (Ubuntu)
       Status: New => Incomplete

** Changed in: libintl-perl (Ubuntu)
     Assignee: (unassigned) => Christian Ehrhardt (paelzer)

https://bugs.launchpad.net/bugs/1907422

Title:
  [MIR] needrestart + dependencies