$ lintian --pedantic python-boto3_1.34.46+dfsg-1.dsc P: python-boto3 source: package-uses-old-debhelper-compat-version 12 P: python-boto3 source: silent-on-rules-requiring-root [debian/contro
$ lintian --pedantic python-s3transfer_0.10.0-1.dsc $ lintian --pedantic python-botocore_1.34.46+repack-1.dsc P: python-botocore source: package-uses-old-debhelper-compat-version 12 P: python-botocore source: silent-on-rules-requiring-root [debian/control] ** Description changed: - I'm filing this MIR stub for tracking but I am not actively working on - this MIR. + [Availability] + The package python-boto3 is already in Ubuntu universe. + The package python-boto3 build for the architectures it is designed to work on. + It builds amd64 only (but binary is arch-all) + Link to package https://launchpad.net/ubuntu/+source/python-boto3 - See https://launchpad.net/bugs/2052437 for background. I filed a - separate bug because I think it could be confusing to have a MIR bug - with too many packages affected. + [Rationale] + The package python-boto3 is required in Ubuntu main for simplestreams + The package python-boto3 will not generally be useful for a large part of + our user base, but is important/helpful still because it is required by simplestreams + Additionally new use-cases enabled by this are demoting python-boto to universe because + the only reverse depency in main is simplestreams and debian is going to drop support + for python-boto, see LP: 2052437 + The package python-boto3 is a new runtime dependency of package simplestreams that + we already support + python-boto is not compatible with python3.12, the only python supported in noble, thus + to commit to a long term support of simplestreams, it's better to depend on dependencies + that have upstream support - python-boto only has one current reverse-depends in main: simplestreams. - simplestreams has now switched to python-boto3 in noble-proposed but is - blocked because python-boto3 is not in main yet. + The package python-boto3 is required in Ubuntu main no later than noble is released + due to being required by a new upload of simplestreams in noble-proposed to make it + work on python3.12 and to be able to drop python-boto from noble archives. - Please promote python-boto3 to main so that we can demote python-boto to - universe once simplestreams migrates out of noble-proposed. + [Security] + - No CVEs/security issues in this software in the past: + + (0)https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python-boto3 + (0)https://ubuntu.com/security/cves?q=&package=python-boto3&priority=&version=&status= + (0)https://security-tracker.debian.org/tracker/source-package/python-boto3 + + (0)https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python-s3transfer + (0)https://security-tracker.debian.org/tracker/source-package/python-s3transfer + (0)https://ubuntu.com/security/cves?q=&package=python-s3transfer&priority=&version=&status= + + (0)https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python-botocore + (0)https://security-tracker.debian.org/tracker/source-package/python-botocore + (0)https://ubuntu.com/security/cves?q=&package=python-botocore&priority=&version=&status= + + No `suid` or `sgid` binaries + No executables in `/sbin` and `/usr/sbin` + Package does not install services, timers or recurring jobs + Packages does not open privileged ports (ports < 1024). + Package does not expose any external endpoints + Packages does not contain extensions to security-sensitive software + (filters, scanners, plugins, UI skins, ...) + + [Quality assurance - function/usage] + The package works well right after install. It's a python library. + + [Quality assurance - maintenance] + - The package is maintained well in Debian/Ubuntu/Upstream and does + not have too many, long-term & critical, open bugs + - Ubuntu + - (2)https://bugs.launchpad.net/ubuntu/+source/python-boto3/+bug + - (1)https://bugs.launchpad.net/ubuntu/+source/python-s3transfer/+bugs + - (4)https://bugs.launchpad.net/ubuntu/+source/python-botocore/+bugs + - Debian + - (0)https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-boto3 + - (0)https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-s3transfer + - (1)https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-botocore + - Upstream's bug tracker + - (192)https://github.com/boto/boto3/issues + - (24)https://github.com/boto/s3transfer/issues + - (112)https://github.com/boto/botocore/issues + Looks normal for the age and impact of these libraries + - The package does not deal with exotic hardware we cannot support + + [Quality assurance - testing] + - The package does not run a test at build time because it is not configured to do so, + the upstream source code contains unit tests + - The package does not run an autopkgtest because they are not enabled + + [Quality assurance - packaging] + - debian/watch is present and works + - debian/control defines a correct Maintainer field + - Lintian does not run as part of the build + - https://launchpadlibrarian.net/715514166/buildlog_ubuntu-noble-amd64.python-boto3_1.34.46+dfsg-1_BUILDING.txt.gz + - https://launchpadlibrarian.net/709963913/buildlog_ubuntu-noble-amd64.python-s3transfer_0.10.0-1_BUILDING.txt.gz + - https://launchpadlibrarian.net/715514517/buildlog_ubuntu-noble-amd64.python-botocore_1.34.46+repack-1_BUILDING.txt.gz + - Lintian overrides are present, but ok because they are justified: + + # This is a false positive, likely an occurrence of #1019980 + python-boto3 source: source-is-missing [docs/source/_templates/page.html] + python-botocore source: source-is-missing [docs/source/_templates/page.html] + + - This package does not rely on obsolete or about to be demoted packages. + - This package has no python2 or GTK2 dependencies + - The package will not be installed by default + - Packaging and build is easy, link to debian/rules https://git.launchpad.net/ubuntu/+source/python-boto3/tree/debian/rules + + [UI standards] + - Application is not end-user facing (does not need translation) + + [Dependencies] + - There are further dependencies, python-s3transfer and python-botocore, that are not yet in main, the MIR + process for them is handled as part of this bug here. + + [Standards compliance] + - This package correctly follows FHS and Debian Policy + + [Maintenance/Owner] + - I Suggest the owning team to be the Server team + - The future owning team is not yet subscribed, but will subscribe to + the package before promotion + - This does not use static builds + - This does not use vendored code + + [Background information] + The Package description explains the package well + Upstream Names are boto3, s3transfer and botocore + Link to upstream project + - https://github.com/boto/boto3 + - https://github.com/boto/s3transfer + - https://github.com/boto/botocore + See https://launchpad.net/bugs/2052437 for more background -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2061217 Title: [MIR] python-boto3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-boto3/+bug/2061217/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
