** Description changed:
+ Given the nature of those MIRs is very similar (decoupling from the ruby
+ interpreter into separate gems, gem2debbed into separate deb packages),
+ I have written the request for all four new ruby3.3 dependencies as part
+ of the same bug.
+
+ I hope this makes it easier for the reviewer to cross-check any
+ information, and have avoided repetition (and not the other way
+ around... in which case I'm very sorry :P )
+
+ [Availability]
+ The package ruby-did-you-mean is already in Ubuntu universe (it was on main
for X/B, then became universe).
+ The package ruby-minitest is already in Ubuntu universe (it was on main for
T/X/B/F, then became universe).
+ The package ruby-test-unit is already in Ubuntu universe (it was on main for
T/X/B/F, then became universe).
+ The package ruby-power-assert is already in Ubuntu universe (it was on main
for X/B/F, then became universe).
+ The four packages build for the architectures they are designed to work on.
+ The packages currently build and work for architectures: amd64 (all)
+ Link to package https://launchpad.net/ubuntu/+source/ruby-did-you-mean
+ Link to package https://launchpad.net/ubuntu/+source/ruby-minitest
+ Link to package https://launchpad.net/ubuntu/+source/ruby-power-assert
+ Link to package https://launchpad.net/ubuntu/+source/ruby-test-unit
+
+ [Rationale]
+ Those four packages were provided by libruby itself until version 3.3.4.
+ However, in version 3.3.5-1 (https://launchpad.net/ubuntu/+source/ruby3.3)
there was
+ a decision to stop using multiple ruby gems provided by the interpreter
itself, relying
+ on the packaged version instead - the changelog says:
+
+ ruby3.3 (3.3.5-1) unstable; urgency=medium
+ (...)
+ * debian/genprovides: move list of rejected provides to an external file
+ * Drop packages that are available standalone from Provides:
+ - base64
+ - csv
+ - did_you_mean
+ - ipaddr
+ - json
+ - minitest
+ - power_assert
+ - psych
+ - test-unit
+ Their files are still shipped, but as far as dependency resolution is
+ concerned, the versions bundled with the Ruby interpreter won't be used
+ anymore.
+
+ Because of this change, ruby3.3 itself started explicitly depending on those
four packages,
+ so they need to be promoted to main.
+ As they were part of libruby, they were "on main already" at some point in
time, now separated
+ for better maintenance and explicit dependency.
+
+ The packages are required in Ubuntu main as soon as possible to
+ solve the component mismatch.
+
+ [Security]
+ Checked all suggested links, for all the four packages. No CVEs/security
issues in these in the past.
+
+ I'm no security expert, but there are some points I could verify:
+
+ - no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin`
(gems are libraries)
+ - Packages do not install services, timers or recurring jobs
+ - Packages do not open privileged ports (ports < 1024).
+ - Packages do not expose any external endpoints
+
+ [Quality assurance - function/usage]
+ The packages work well right after install
+
+ [Quality assurance - maintenance]
+ - The package is maintained well in Debian/Ubuntu/Upstream and does
+ not have any long-term & critical open bugs:
+ - Ubuntu:
+ - https://bugs.launchpad.net/ubuntu/+source/ruby-did-you-mean/+bug
+ - https://bugs.launchpad.net/ubuntu/+source/ruby-minitest/+bug
+ - https://bugs.launchpad.net/ubuntu/+source/ruby-power-assert/+bug
+ - https://bugs.launchpad.net/ubuntu/+source/ruby-test-unit/+bug
+ - Debian:
+ - https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-did-you-mean
+ - https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-minitest
+ - https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-power-assert
+ - https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-test-unit
+ - Upstream:
+ - https://github.com/ruby/did_you_mean/issues
+ Some old bugs here, but nothing serious. There were bugs fixed after
those reported, so there is maintenance.
+ - https://github.com/minitest/minitest/issues
+ - https://github.com/ruby/power_assert/issues
+ - https://github.com/test-unit/test-unit/issues
+
+ - The packages do not deal with exotic hardware we cannot support
+
+ [Quality assurance - testing]
+ The package runs a test suite on build time, if it fails it makes the build
fail
+ link to build logs:
+ -
https://launchpadlibrarian.net/778727803/buildlog_ubuntu-plucky-amd64.ruby-did-you-mean_1.6.3-2build1~ppa1_BUILDING.txt.gz
+ -
https://launchpadlibrarian.net/776644839/buildlog_ubuntu-plucky-amd64.ruby-minitest_5.25.4-2ubuntu1_BUILDING.txt.gz
+ -
https://launchpadlibrarian.net/778728409/buildlog_ubuntu-plucky-amd64.ruby-power-assert_2.0.3-1build1~ppa1_BUILDING.txt.gz
+ -
https://launchpadlibrarian.net/778728673/buildlog_ubuntu-plucky-amd64.ruby-test-unit_3.6.2-1build1~ppa1_BUILDING.txt.gz
+
+ autopkgtests-wise, debian/control has (for all four packages)
+ Testsuite: autopkgtest-pkg-ruby
+ but there is no debian/tests folder
+
+ [Quality assurance - packaging]
+ - debian/watch is present and works for all four packages
+ - debian/control defines a correct Maintainer field for all four packages
+ - This package does not yield massive lintian Warnings, Errors
+ -`lintian --pedantic` has no output and returns 0 for all four packages
+ - Lintian overrides are not present
+ - This package does not rely on obsolete or about to be demoted packages.
+ - The package will not be installed by default
+ - Packaging and build is easy:
+ -
https://git.launchpad.net/ubuntu/+source/ruby-did-you-mean/tree/debian/rules
+ - https://git.launchpad.net/ubuntu/+source/ruby-minitest/tree/debian/rules
+ -
https://git.launchpad.net/ubuntu/+source/ruby-power-assert/tree/debian/rules
+ - https://git.launchpad.net/ubuntu/+source/ruby-test-unit/tree/debian/rules
+
+ [UI standards]
+ - Applications are not end-user facing (does not need translation)
+
+ [Dependencies]
+ - No further depends or recommends dependencies that are not yet in main.
+ Note that ruby-test-unit depends on ruby-power-assert, but both are part
+ of this MIR request.
+
+ [Standards compliance]
+ - This package correctly follows FHS and Debian Policy
+
+ [Maintenance/Owner]
+ - I Suggest the owning team to be Ubuntu Server - already subscribed to:
+ - ruby-minitest
+ - ruby-power-assert
+ - ruby-test-unit
+ Not yet subscribed to:
+ - ruby-did-you-mean
+
+ - These packages do not use static builds
+ - These packages do not use vendored code
+ - TThese packages are not rust based
+ - The package has been built within the last 3 months:
+ - ruby-did-you-mean, ruby-power-assert, ruby-test-unit in a PPA
+ - ruby-minitest in the archive
+ - Build link on launchpad: please check links in the 'Quality assurance -
testing' session above.
+
+ [Background information]
+ - The Package descriptions explain the packages well
+ - Upstream Names:
+ - did_you_mean
+ - minitest
+ - power_assert
+ - test-unit
+ - Link to upstream projects:
+ - https://github.com/ruby/did_you_mean
+ - https://github.com/minitest/minitest
+ - https://github.com/ruby/power_assert
+ - https://github.com/test-unit/test-unit
+
+ [ Original Description ]
TBD by ~ubuntu-server
ruby3.3 introduces a component-mismatch on ruby-did-you-mean
as well as
* ruby-unit-test (LP: #1197368) -> ruby-power-assert (transitive)
* ruby-minitest (LP: #894827)
Some have old MIRs, which might need to be refreshed. Or maybe we can
find a a way to drop/avoid the 3 new dependencies from universe?
** Changed in: ruby-test-unit (Ubuntu)
Assignee: Renan Rodrigo (renanrodrigo) => (unassigned)
** Changed in: ruby-power-assert (Ubuntu)
Assignee: Renan Rodrigo (renanrodrigo) => (unassigned)
** Changed in: ruby-minitest (Ubuntu)
Assignee: Renan Rodrigo (renanrodrigo) => (unassigned)
** Changed in: ruby-did-you-mean (Ubuntu)
Assignee: Renan Rodrigo (renanrodrigo) => (unassigned)
** Changed in: ruby3.3 (Ubuntu)
Assignee: (unassigned) => Renan Rodrigo (renanrodrigo)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1556608
Title:
[MIR] ruby3.3 dependencies
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-did-you-mean/+bug/1556608/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
