Public bug reported:

[Availability]

ruby-webrick has been in Ubuntu universe since Jammy. It is an arch:all
package and it builds fine on amd64, and all tests pass successfully. Here is
its LP page:

https://launchpad.net/ubuntu/+source/ruby-webrick

[Rationale]

This ruby gem was embedded in the ruby interpreter until ruby 2.7. In ruby 3.0,
it was removed from the interpreter source tree by upstream decision and
packaged separately. Many packages still rely on it, and it is a low
maintenance package.

The most important package depending on it is rubygems, which is in main.
Because this has been the case since Jammy, we should promote ruby-webrick in
Jammy and Kinetic. pcs is another package that depends on it, and its promotion
to main is planned for this cycle.

[Security]

Searching for ruby-webrick the following was found:

* 26 CVEs (most of them are old issues)

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=webrick

* No CVEs in the Ubuntu tracker (the package was introduced in Jammy only and
  most of the issues are older than that):

https://ubuntu.com/security/cves?package=ruby-webrick

The package itself does not provide any binary. However, this is a library that
allows you to set up your own HTTP server, so a script or software written
using this library can open ports, for instance, but I do not think this is a
concern regarding the MIR process.

[Quality assurance - function/usage]

The package works well right after installation. The user needs to understand
the library API and that is it.

[Quality assurance - maintenance]

ruby-webrick upstream maintainers do not seem very responsive on the few
upstream bugs that are filed on GitHub:

https://github.com/ruby/webrick/issues

However, most of them do not seem to be critical. There is one OpenSSL 3
specific issue that might be impacting Ubuntu, but no one has found it yet to
file a bug:

https://github.com/ruby/webrick/issues/90

But it seems they are responsive when the problem is security related. Some of
the maintainers are also ruby interpreter maintainers.

There is no bug reported against either Debian or Ubuntu.

[Quality assurance - testing]

Upstream provides a comprehensive test suite which is executed during package
build time. The same set of tests is executed using autopkgtest; this is
triggered by ruby autodep8.

This is an arch:all package and it has been building fine since it was
introduced in Ubuntu:

https://launchpad.net/ubuntu/+source/ruby-webrick/1.7.0-3/+build/22464915

autopkgtest is passing on all supported architectures:

https://autopkgtest.ubuntu.com/packages/ruby-webrick


[Quality assurance - packaging]

The package contains a working debian/watch file. Nothing important is reported
by lintian, and there are no overrides either. This is a straightforward
package, similar to most ruby gems we have packaged in the archive.

[UI standards]

This is a library, so there is no need for translation, desktop files, or
anything UI related.

[Dependencies]

The only two build dependencies it has are debhelper-compat and gem2deb.
gem2deb is in universe but it is used to build most ruby packages. No runtime
dependency apart from regular ruby.

[Standards compliance]

This package correctly follows FHS and Debian Policy.

[Maintenance/Owner]

This package will be owned by the Server team since we already maintain the
ruby stack. This package is well maintained in Debian, so this is low effort in
Ubuntu since it is a sync. The Server team is not yet subscribed to the
package, but will subscribe before promotion.

[Background information]

The package description explains the package well. Link to the upstream
project:

https://github.com/ruby/webrick

** Affects: ruby-webrick (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: ruby-webrick (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: ruby-webrick (Ubuntu Kinetic)
     Importance: Undecided
         Status: New

** Also affects: ruby-webrick (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: ruby-webrick (Ubuntu Kinetic)
   Importance: Undecided
       Status: New

https://bugs.launchpad.net/bugs/1975523

Title:
  [MIR] Promote to main in Jammy and Kinetic
