[Summary] After the requirements ("Required TODOs") below are addressed, this is an ACK from the MIR team
This does need a security review, so after the requirements are addressed, it needs to be assigned to ubuntu-security List of specific binary packages to be promoted to main: - libnvidia-egl-wayland1 Notes: Required TODOs: - add symbol tracking - add at least basic build test - an autopkgtest in would be good in addition but not required - requires a team bug subscriber (this can be done after the security review) [Duplication] There is no other package in main providing the same functionality. [Dependencies] OK: - no other Dependencies to MIR due to this Problems: - Should exclude binary package libnvidia-egl-wayland-dev [Embedded sources and static linking] OK: - no embedded source present - no static linking [Security] OK: - history of CVEs (none) does not look concerning - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not parse data formats - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) Problems: - may open a port, depending on configuration (it appears) [Common blockers] OK: - does not FTBFS currently - no translation present, but none needed for this case (library only) - not a python/go package, no extra constraints to consider in that regard Problems: - The package does not have a team bug subscriber - does not have a test suite that runs at build time - does not have a test suite that runs as autopkgtest [Packaging red flags] OK: - Ubuntu does not carry a delta - d/watch is present and looks ok - Upstream update history is good - Debian/Ubuntu update history is good - the current release is packaged - promoting this does not seem to cause issues for MOTUs that so far maintained the package - no massive Lintian warnings - d/rules is rather clean - Does not have Built-Using - Not go package - Not on lto-disabled list Problems: - symbols tracking is not in place [Upstream red flags] OK: - no Errors/warnings during the build - no incautious use of malloc/sprintf (as far as I can check it) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream - no dependency on webkit, qtwebkit, seed or libgoa-* - not part of the UI for extra checks ** Changed in: egl-wayland (Ubuntu) Assignee: Dan Streetman (ddstreet) => Kyle McKay (mackyle) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1935082 Title: [MIR] egl-wayland To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/egl-wayland/+bug/1935082/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs