Public bug reported:

This is a new package for which Canonical is the upstream. The purpose
is to create profiles of cryptography configuration that will be used
across software in the distribution.

I'd like to have it uploaded to universe.

There is a pretty complete specification at
https://discourse.ubuntu.com/t/spec-crypto-config-a-framework-to-manage-crypto-related-configurations-system-wide/54265

Since crypto-config implies a link with pretty much every software, the
system has been designed to avoid hard dependencies in order to ease
integration and eliminate SPOFs. This means the upload is particularly
low-risk. There is no Depends nor Recommends and the package isn't
seeded. This should change in the future but only after it moves to
main.

Some of the interesting use cases of crypto-config can only be properly 
achieved if the package is in Ubuntu. For instance, the system allows selecting 
the cryptography profile very early during setup, either through cloud-init, or 
container creation. Adding a PPA is an additional step that is a burden, and 
which is problematic when combined with cloud-init (see 
https://github.com/canonical/cloud-init/issues/3218 ).

Moreover, main and recommends/seeding are ultimately a target: universe
is a step in that direction.

Crypto-config uses a dpkg postinst trigger and as such could wreak havoc but:
1- the shell script code is shellcheck clean
2- the worst that should happen is that the system doesn't work, not that the 
system is nuked
3- I've started rewriting that in Rust
4- let's face it, it's not going to see world-wide usage during plucky

There is a PPA at
https://launchpad.net/~adrien/+archive/ubuntu/crypto-config/+packages

Sources are at https://github.com/canonical/crypto-config

Documentation should be rather good. There's a small catch-22 though
because some examples and demos make more sense with a package that is
in the archive rather than in a PPA and I'll expand these after the
upload.

Lintian reports no non-pedantic issues. I recently added a d/watch
file and it currently does not verify the signature but it should do
soon.

I don't have automated tests at the moment sadly (in part due to the
issue with cloud-init which complicates things somewhat). This is
something I want to work on however and I am aware it is a requirement
for inclusion in main.

I think the packaging looks good overall but forgive me if I've missed
something as there are so many different things to pay attention to with
new packages.

** Affects: ubuntu
     Importance: High
     Assignee: Adrien Nader (adrien)
         Status: In Progress

https://bugs.launchpad.net/bugs/2098879

Title:
  crypto-config: please accept new package in universe
