** Description changed:
+ [Availability]
+ The package ruby-base64 is already in Ubuntu universe.
+ The package ruby-base64 build for the architectures it is designed to work on.
+ It currently builds and works for architectures: amd64 (all)
+ Link to package: https://launchpad.net/ubuntu/+source/ruby-base64
+
+ [Rationale]
+ ruby-base64 was provided by libruby itself until version 3.3.4.
+ However, in version 3.3.5-1 (https://launchpad.net/ubuntu/+source/ruby3.3)
there was
+ a decision to stop using multiple ruby gems provided by the interpreter
itself, relying
+ on the packaged version instead - the changelog says:
+
+ ruby3.3 (3.3.5-1) unstable; urgency=medium
+ (...)
+ * debian/genprovides: move list of rejected provides to an external file
+ * Drop packages that are available standalone from Provides:
+ - base64
+ - csv
+ - did_you_mean
+ - ipaddr
+ - json
+ - minitest
+ - power_assert
+ - psych
+ - test-unit
+ Their files are still shipped, but as far as dependency resolution is
+ concerned, the versions bundled with the Ruby interpreter won't be used
+ anymore.
+
+ The ruby-sinatra package (in main) depends on ruby-base64 - so the latter
+ should be promoted to main.
+ An alternative would be to drop the rejection and keep the genprovides, but
+ base64 will be turned from a default to a bundled gem from the ruby stdlib in
3.4
+ (https://bugs.ruby-lang.org/issues/19351), so this change will be needed in
the
+ future anyway.
+
+ The package ruby-base64 is required in Ubuntu main as soon as possible to
+ solve the component mismatch.
+
+ [Security]
+ Checked all suggested links, no CVEs/security issues in this software in the
past.
+
+ I'm no security expert, but there are some points I could verify:
+
+ - no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin`
(gem is a library)
+ - Package does not install services, timers or recurring jobs
+ - Packages does not open privileged ports (ports < 1024).
+ - Package does not expose any external endpoints
+
+ [Quality assurance - function/usage]
+ The package works well right after install
+
+ [Quality assurance - maintenance]
+ - The package is maintained well in Debian/Ubuntu/Upstream and does
+ not have any long-term & critical open bugs:
+ - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug
+ - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-base64
+ - Upstream https://github.com/ruby/base64/issues
+
+ - The package does not deal with exotic hardware we cannot support
+
+ [Quality assurance - testing]
+ The package runs a test suite on build time, if it fails it makes the build
fail
+ link to build log:
https://launchpadlibrarian.net/739887066/buildlog_ubuntu-oracular-amd64.ruby-base64_0.2.0-2_BUILDING.txt.gz
+
+ autopkgtests-wise, debian/control has
+ Testsuite: autopkgtest-pkg-ruby
+ but there is no debian/tests folder
+
+ [Quality assurance - packaging]
+ - debian/watch is present and works
+ - debian/control defines a correct Maintainer field
+ - This package does not yield massive lintian Warnings, Errors
+ -`lintian --pedantic` has no output and returns 0
+ - Lintian overrides are not present
+ - This package does not rely on obsolete or about to be demoted packages.
+ - The package will not be installed by default
+ - Packaging and build is easy:
https://git.launchpad.net/ubuntu/+source/ruby-base64/tree/debian/rules
+
+ [UI standards]
+ - Application is not end-user facing (does not need translation)
+
+ [Dependencies]
+ - No further depends or recommends dependencies that are not yet in main
+
+ [Standards compliance]
+ - This package correctly follows FHS and Debian Policy
+
+ [Maintenance/Owner]
+ - I Suggest the owning team to be Ubuntu Server (not yet subscribed)
+ - This does not use static builds
+ - This does not use vendored code
+ - This package is not rust based
+ - The package has been built within the last 3 months in a PPA
+ - Build link on launchpad:
https://launchpadlibrarian.net/777343308/buildlog_ubuntu-plucky-amd64.ruby-base64_0.2.0-2~ppa1_BUILDING.txt.gz
+
+ [Background information]
+ - The Package description explains the package well
+ - Upstream Name is base64
+ - Link to upstream project: https://github.com/ruby/base64
+
+ [ Original description ]
TBD by ~ubuntu-server
Upstream ruby-sinatra v3.2.0 introduce a new dependency on ruby-base64:
https://salsa.debian.org/ruby-team/ruby-
sinatra/-/blob/master/CHANGELOG.md?ref_type=heads
This either needs to be dropped or the ruby-bas64 MIR needs to be
handled.
upstream change:
https://github.com/sinatra/sinatra/pull/1946
** Changed in: ruby-base64 (Ubuntu)
Status: Incomplete => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2095497
Title:
[MIR] ruby-base64
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
