[Summary]
After the requirements ("Required TODOs") below are addressed, this is an ACK
from the MIR team
This does need a security review, so after the requirements are
addressed, it needs to be assigned to ubuntu-security
List of specific binary packages to be promoted to main:
- libnvidia-egl-wayland1
Notes:
Required TODOs:
- add symbol tracking
- add at least basic build test
- an autopkgtest in would be good in addition but not required
- requires a team bug subscriber (this can be done after the security review)
[Duplication]
There is no other package in main providing the same functionality.
[Dependencies]
OK:
- no other Dependencies to MIR due to this
Problems:
- Should exclude binary package libnvidia-egl-wayland-dev
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
[Security]
OK:
- history of CVEs (none) does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
Problems:
- may open a port, depending on configuration (it appears)
[Common blockers]
OK:
- does not FTBFS currently
- no translation present, but none needed for this case (library only)
- not a python/go package, no extra constraints to consider in that regard
Problems:
- The package does not have a team bug subscriber
- does not have a test suite that runs at build time
- does not have a test suite that runs as autopkgtest
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- Not go package
- Not on lto-disabled list
Problems:
- symbols tracking is not in place
[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks
** Changed in: egl-wayland (Ubuntu)
Assignee: Dan Streetman (ddstreet) => Kyle McKay (mackyle)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1935082
Title:
[MIR] egl-wayland
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/egl-wayland/+bug/1935082/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
