Public bug reported: This will be needed for qq.I am preemptively opening the bug to speed up process when the package lands in universe.
[Availability] The package ruby-rack-session is proposed to land in Ubuntu universe - it was introduced in plucky, but did not migrate as it build-depends on ruby-rack (>= 3.0.0~), which is not available yet. The package ruby-rack-session builds for the architectures it is designed to work on. It currently builds and works for architectures: amd64 (all) Link to package: https://launchpad.net/ubuntu/+source/ruby-rack-session [Rationale] ruby-rack-session used to be part of ruby-rack, but was separated in version 3 and declared as a Recommands. That can be seen in the upstream README (https://github.com/rack/rack-session) and in the ruby-rack changelog (https://tracker.debian.org/media/packages/r/ruby-rack/changelog-3.1.12-1) ruby-rack (3.0.0-1) experimental; urgency=medium (...) * d/control: recommend ruby-rack-session and ruby-rackup. (...) On plucky, ruby-rack stays in version 2, but we want version 3 in qq, and that would cause a component mismatch. An alternative could be turning this Recommends into a Suggests, but version 4 of ruby-sinatra (currently in -proposed, not landing on plucky, but landing on qq) have ruby-rack-session as a dependency, causing a component-mismatch in -proposed. The package ruby-rack-session is required in Ubuntu main for these scenarios, to solve the component mismatches generated by the dependency. It should first land in the qq release, together with ruby- rack v3. This MIR is similar to https://bugs.launchpad.net/ubuntu/+source/ruby3.3/+bug/1556608 and https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497, in the sense that the code itself was already in main, as part of ruby- rack, and was separated into a specific gem now. [Security] Checked all suggested links, no CVEs/security issues in this software in the past. I'm no security expert, but there are some points I could verify: - no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin` (gem is a library) - Package does not install services, timers or recurring jobs - Packages does not open privileged ports (ports < 1024). - Package does not expose any external endpoints [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does not have any long-term & critical open bugs: - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-rack-session - Upstream https://github.com/rack/rack-session/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] The package runs a test suite on build time, if it fails it makes the build fail link to build log: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz autopkgtests-wise, debian/control has Testsuite: autopkgtest-pkg-ruby [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors -`lintian --pedantic` has no output and returns 0 - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - The package will not be installed by default - Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/ruby-rack-session/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - No further depends or recommends dependencies that are not yet in main [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - I Suggest the owning team to be Ubuntu Server (not yet subscribed) - This does not use static builds - This does not use vendored code - This package is not rust based - The package has been built within the last 3 months in the archive - Build link on launchpad: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz [Background information] - The Package description explains the package well - Upstream Name is rack-session - Link to upstream project: https://github.com/rack/rack-session ** Affects: ruby-rack-session (Ubuntu) Importance: Undecided Status: New ** Description changed: - This will be needed for qq. + This will be needed for qq.I am preemptively opening the bug to speed up + process when the package lands in universe. [Availability] The package ruby-rack-session is proposed to land in Ubuntu universe - it was introduced in plucky, but did not migrate as it build-depends on ruby-rack (>= 3.0.0~), which is not available yet. The package ruby-rack-session builds for the architectures it is designed to work on. It currently builds and works for architectures: amd64 (all) Link to package: https://launchpad.net/ubuntu/+source/ruby-rack-session [Rationale] ruby-rack-session used to be part of ruby-rack, but was separated in version 3 and declared as a Recommands. That can be seen in the upstream README (https://github.com/rack/rack-session) and in the ruby-rack changelog (https://tracker.debian.org/media/packages/r/ruby-rack/changelog-3.1.12-1) ruby-rack (3.0.0-1) experimental; urgency=medium - (...) - * d/control: recommend ruby-rack-session and ruby-rackup. - (...) + (...) + * d/control: recommend ruby-rack-session and ruby-rackup. + (...) On plucky, ruby-rack stays in version 2, but we want version 3 in qq, and that would cause a component mismatch. An alternative could be turning this Recommends into a Suggests, but version 4 of ruby-sinatra (currently in -proposed, not landing on plucky, but landing on qq) have ruby-rack-session as a dependency, causing a component-mismatch in -proposed. The package ruby-rack-session is required in Ubuntu main for these scenarios, to solve the component mismatches generated by the dependency. It should first land in the qq release, together with ruby- rack v3. This MIR is similar to https://bugs.launchpad.net/ubuntu/+source/ruby3.3/+bug/1556608 and https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497, in the sense that the code itself was already in main, as part of ruby- rack, and was separated into a specific gem now. [Security] Checked all suggested links, no CVEs/security issues in this software in the past. I'm no security expert, but there are some points I could verify: - no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin` (gem is a library) - Package does not install services, timers or recurring jobs - Packages does not open privileged ports (ports < 1024). - Package does not expose any external endpoints [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does - not have any long-term & critical open bugs: - - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug - - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-rack-session - - Upstream https://github.com/rack/rack-session/issues + not have any long-term & critical open bugs: + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-rack-session + - Upstream https://github.com/rack/rack-session/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] The package runs a test suite on build time, if it fails it makes the build fail link to build log: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz autopkgtests-wise, debian/control has Testsuite: autopkgtest-pkg-ruby [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors -`lintian --pedantic` has no output and returns 0 - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - The package will not be installed by default - Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/ruby-rack-session/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - No further depends or recommends dependencies that are not yet in main [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - I Suggest the owning team to be Ubuntu Server (not yet subscribed) - This does not use static builds - This does not use vendored code - This package is not rust based - The package has been built within the last 3 months in the archive - Build link on launchpad: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz [Background information] - The Package description explains the package well - Upstream Name is rack-session - Link to upstream project: https://github.com/rack/rack-session -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2106774 Title: [MIR] ruby-rack-session To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug/2106774/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
