$ lintian --pedantic W: libfyaml-dev: changelog-distribution-does-not-match-changes-file unstable != resolute [usr/share/doc/libfyaml-dev/changelog.Debian.gz:1] W: libfyaml-utils: changelog-distribution-does-not-match-changes-file unstable != resolute [usr/share/doc/libfyaml-utils/changelog.Debian.gz:1] W: libfyaml0: changelog-distribution-does-not-match-changes-file unstable != resolute [usr/share/doc/libfyaml0/changelog.Debian.gz:1] W: libfyaml changes: distribution-and-changes-mismatch resolute unstable W: libfyaml-utils: groff-message troff:<standard input>:471: warning: cannot select font 'C' [usr/share/man/man1/fy-tool.1.gz:1] W: libfyaml-utils: groff-message troff:<standard input>:492: warning: cannot select font 'C' [usr/share/man/man1/fy-tool.1.gz:2] W: libfyaml-utils: groff-message troff:<standard input>:506: warning: cannot select font 'C' [usr/share/man/man1/fy-tool.1.gz:3] W: libfyaml-utils: groff-message ... use "--tag-display-limit 0" to see all (or pipe to a file/program) W: libfyaml-dev: spelling-error-in-changelog agressively aggressively [usr/share/doc/libfyaml-dev/changelog.Debian.gz] W: libfyaml-utils: spelling-error-in-changelog agressively aggressively [usr/share/doc/libfyaml-utils/changelog.Debian.gz] W: libfyaml0: spelling-error-in-changelog agressively aggressively [usr/share/doc/libfyaml0/changelog.Debian.gz]
** Description changed: - The new appstream version switched from libyaml to libfyaml. + [Availability] + The package libfyaml is already in Ubuntu universe. + The package libfyaml build for the architectures it is designed to work on. + It currently builds and works for architectures: + amd64 amd64v3 arm64 armhf ppc64el riscv64 s390x + Link to package https://launchpad.net/ubuntu/+source/libfyaml - appstream (1.0.6-2 to 1.1.1-1) in proposed for 16 days + [Rationale] + - The package libfyaml is required in Ubuntu main as a new library for + parsing YAML + - The package libfyaml will not generally be useful for a large part of + our user base, but is important/helpful still because it is a library linked + by other projects + - Package libfyaml covers the same use case as libyaml, but is better because: + - It provides a better C API + - It is better maintained + - It has faster parsing speed than libyaml + - It is YAML 1.2 compmliant while libyaml is not + - This helps a lot with making the code more secure and deterministic + - This means that libfyaml is also a powerful JSON parser, which is now + a subset of YAML 1.2 + - It provides a zero-copy API which significantly reduces the memory used + while parsing and generating YAML. + - This helps when libfyaml is used by appstream to parse very large YAML + files like the AppStream data used to populate deb software stores like + GNOME Software, Plasma Discover (and possibly the Ubuntu App Center in + the future) + - The package libfyaml is a new runtime dependency of package + libappstream-compose0 that we already support + - Some other projects are already considering to port over to libfyaml: + - https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2078759/comments/36 + - We cannot fully replace libyaml because it still too many users that would + need to be ported, so both libraries would need to exist in main for a while + - There is no other/better way to solve this that is already in main or + should go universe->main instead of this. + - Porting all users of libyaml to libfyaml is a massive undertaking and + risks introducing issues if not done by the respective upstreams. + - Porting appstream back from libfyaml to libyaml is an equally large + undertaking, as the changes are large and the project has already started + using the new features of the libfyaml API. + - Freezing appstream to an older version that still uses libyaml is not + ideal. That would mean potentially freezing it forever. + - This is the first time package will be in main + - The binary packages libfyaml0 needs to be in main to satisfy a dependency + from libappstream-compose0 + - All other binary packages built by libfyaml should remain in universe - Component mismatch entries - libappstream-compose0/amd64 in main cannot depend on libfyaml0 in - ... + - The package libfyaml is required in Ubuntu main no later than Feb 19 + due to Resolut Raccoon feature freeze. - We need to review if libyaml in main would make sense - (maintenance/upstream status, quality, tests) and decide if we want to - MIR it (which might require porting other libyaml using main packages or - making a case for promoting the new one without demoting the existing - library) + [Security] + - No CVEs in this software in the past + - Some reported and addressed memory corruption issues: + - https://github.com/pantoniou/libfyaml/issues/122 + - https://github.com/pantoniou/libfyaml/issues/123 + - https://github.com/pantoniou/libfyaml/issues/118 + - https://github.com/pantoniou/libfyaml/issues/120 + - https://github.com/pantoniou/libfyaml/issues/121 + - https://github.com/pantoniou/libfyaml/issues/119 + - https://github.com/pantoniou/libfyaml/issues/101 + - https://github.com/pantoniou/libfyaml/issues/57 + - https://github.com/pantoniou/libfyaml/issues/56 + - Some reported and to-date unaddressed memory corruption issues: + - https://github.com/pantoniou/libfyaml/issues/134 + - https://github.com/pantoniou/libfyaml/issues/135 + - https://github.com/pantoniou/libfyaml/issues/132 + - https://github.com/pantoniou/libfyaml/issues/138 + - https://github.com/pantoniou/libfyaml/issues/133 + - https://github.com/pantoniou/libfyaml/issues/128 + - no `suid` or `sgid` binaries + - no executables in `/sbin` and `/usr/sbin` + - Package does not install services, timers or recurring jobs + - Packages does not open privileged ports (ports < 1024). + - Package does not expose any external endpoints + + [Quality assurance - function/usage] + - The package works well right after install + + [Quality assurance - maintenance] + - The package is maintained well in Debian/Ubuntu/Upstream and does + not have too many, long-term & critical, open bugs + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libfyaml/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libfyaml + - Upstream's bug tracker: https://github.com/pantoniou/libfyaml/issues + - The package does not deal with exotic hardware we cannot support + + [Quality assurance - testing] + - The package runs a test suite on build time, if it fails + it makes the build fail, https://launchpadlibrarian.net/827289425/buildlog_ubuntu-resolute-amd64.libfyaml_0.9-2_BUILDING.txt.gz + + - The package does not run an autopkgtest because upstream does not provide + an installed-tests testsuite; but one could be implemented downstream. + + - The libyaml0 package is also tested by the appstream package at build-time: + see "as-test_yaml" at https://launchpadlibrarian.net/827477512/buildlog_ubuntu-resolute-amd64.appstream_1.1.1-1_BUILDING.txt.gz + + [Quality assurance - packaging] + - debian/watch is present and works + + - debian/control defines a correct Maintainer field + + - This package does not yield massive lintian Warnings, Errors + - https://launchpadlibrarian.net/827289425/buildlog_ubuntu-resolute-amd64.libfyaml_0.9-2_BUILDING.txt.gz + TODO: - Please attach the full output you have got from + TODO: `lintian --pedantic` as an extra post to this bug. + - Lintian overrides are not present + + - This package does not rely on obsolete or about to be demoted packages. + - This package has no python2 or GTK2 dependencies + + - The package will be installed by default, but does not ask debconf + questions higher than medium + + - Packaging and build is easy, + https://salsa.debian.org/jlblancoc/libfyaml- + gbp/-/blob/master/debian/rules + + [UI standards] + - Application is not end-user facing (does not need translation) + + [Dependencies] + - Used check-mir from ubuntu-dev-tools to validate + all dependencies or recommends are in main. + + [Standards compliance] + - This package correctly follows FHS and Debian Policy + - libfyaml0/libfyaml-dev contain some GPL-2 symbols, despite the library + being MIT-licensed. + That implies that users of the library may be inadvertently violating the + GPL license. + All GPL-2 symbols were stripped in git master already, and I have asked the + maintainer to provide a new tagged release in reasonable time for 26.04 + + [Maintenance/Owner] + - I Suggest the owning team to be debcrafters + - The future owning team is not yet subscribed, but will subscribe to + the package before promotion + + - This does not use static builds + - This does not use vendored code + - This package is not rust based + + - The package has been built within the last 3 months in the archive + - Build link on launchpad: https://launchpad.net/ubuntu/+source/libfyaml/0.9-2 + + - This change will not impact other teams + + [Background information] + -The Package description explains the package well + - Upstream Name is libfyaml + - Link to upstream project https://github.com/pantoniou/libfyaml ** Description changed: [Availability] The package libfyaml is already in Ubuntu universe. The package libfyaml build for the architectures it is designed to work on. It currently builds and works for architectures: - amd64 amd64v3 arm64 armhf ppc64el riscv64 s390x + amd64 amd64v3 arm64 armhf ppc64el riscv64 s390x Link to package https://launchpad.net/ubuntu/+source/libfyaml [Rationale] - - The package libfyaml is required in Ubuntu main as a new library for - parsing YAML - - The package libfyaml will not generally be useful for a large part of - our user base, but is important/helpful still because it is a library linked - by other projects - - Package libfyaml covers the same use case as libyaml, but is better because: - - It provides a better C API - - It is better maintained - - It has faster parsing speed than libyaml - - It is YAML 1.2 compmliant while libyaml is not - - This helps a lot with making the code more secure and deterministic - - This means that libfyaml is also a powerful JSON parser, which is now - a subset of YAML 1.2 - - It provides a zero-copy API which significantly reduces the memory used - while parsing and generating YAML. - - This helps when libfyaml is used by appstream to parse very large YAML - files like the AppStream data used to populate deb software stores like - GNOME Software, Plasma Discover (and possibly the Ubuntu App Center in - the future) - - The package libfyaml is a new runtime dependency of package - libappstream-compose0 that we already support - - Some other projects are already considering to port over to libfyaml: - - https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2078759/comments/36 - - We cannot fully replace libyaml because it still too many users that would - need to be ported, so both libraries would need to exist in main for a while - - There is no other/better way to solve this that is already in main or - should go universe->main instead of this. - - Porting all users of libyaml to libfyaml is a massive undertaking and - risks introducing issues if not done by the respective upstreams. - - Porting appstream back from libfyaml to libyaml is an equally large - undertaking, as the changes are large and the project has already started - using the new features of the libfyaml API. - - Freezing appstream to an older version that still uses libyaml is not - ideal. That would mean potentially freezing it forever. - - This is the first time package will be in main - - The binary packages libfyaml0 needs to be in main to satisfy a dependency - from libappstream-compose0 - - All other binary packages built by libfyaml should remain in universe + - The package libfyaml is required in Ubuntu main as a new library for + parsing YAML + - The package libfyaml will not generally be useful for a large part of + our user base, but is important/helpful still because it is a library linked + by other projects + - Package libfyaml covers the same use case as libyaml, but is better because: + - It provides a better C API + - It is better maintained + - It has faster parsing speed than libyaml + - It is YAML 1.2 compmliant while libyaml is not + - This helps a lot with making the code more secure and deterministic + - This means that libfyaml is also a powerful JSON parser, which is now + a subset of YAML 1.2 + - It provides a zero-copy API which significantly reduces the memory used + while parsing and generating YAML. + - This helps when libfyaml is used by appstream to parse very large YAML + files like the AppStream data used to populate deb software stores like + GNOME Software, Plasma Discover (and possibly the Ubuntu App Center in + the future) + - The package libfyaml is a new runtime dependency of package + libappstream-compose0 that we already support + - Some other projects are already considering to port over to libfyaml: + - https://bugs.launchpad.net/ubuntu/+source/netplan.io/+bug/2078759/comments/36 + - We cannot fully replace libyaml because it still too many users that would + need to be ported, so both libraries would need to exist in main for a while + - There is no other/better way to solve this that is already in main or + should go universe->main instead of this. + - Porting all users of libyaml to libfyaml is a massive undertaking and + risks introducing issues if not done by the respective upstreams. + - Porting appstream back from libfyaml to libyaml is an equally large + undertaking, as the changes are large and the project has already started + using the new features of the libfyaml API. + - Freezing appstream to an older version that still uses libyaml is not + ideal. That would mean potentially freezing it forever. + - This is the first time package will be in main + - The binary packages libfyaml0 needs to be in main to satisfy a dependency + from libappstream-compose0 + - All other binary packages built by libfyaml should remain in universe - - The package libfyaml is required in Ubuntu main no later than Feb 19 - due to Resolut Raccoon feature freeze. + - The package libfyaml is required in Ubuntu main no later than Feb 19 + due to Resolut Raccoon feature freeze. [Security] - - No CVEs in this software in the past - - Some reported and addressed memory corruption issues: - - https://github.com/pantoniou/libfyaml/issues/122 - - https://github.com/pantoniou/libfyaml/issues/123 - - https://github.com/pantoniou/libfyaml/issues/118 - - https://github.com/pantoniou/libfyaml/issues/120 - - https://github.com/pantoniou/libfyaml/issues/121 - - https://github.com/pantoniou/libfyaml/issues/119 - - https://github.com/pantoniou/libfyaml/issues/101 - - https://github.com/pantoniou/libfyaml/issues/57 - - https://github.com/pantoniou/libfyaml/issues/56 - - Some reported and to-date unaddressed memory corruption issues: - - https://github.com/pantoniou/libfyaml/issues/134 - - https://github.com/pantoniou/libfyaml/issues/135 - - https://github.com/pantoniou/libfyaml/issues/132 - - https://github.com/pantoniou/libfyaml/issues/138 - - https://github.com/pantoniou/libfyaml/issues/133 - - https://github.com/pantoniou/libfyaml/issues/128 - - no `suid` or `sgid` binaries - - no executables in `/sbin` and `/usr/sbin` - - Package does not install services, timers or recurring jobs - - Packages does not open privileged ports (ports < 1024). - - Package does not expose any external endpoints + - No CVEs in this software in the past + - Some reported and addressed memory corruption issues: + - https://github.com/pantoniou/libfyaml/issues/122 + - https://github.com/pantoniou/libfyaml/issues/123 + - https://github.com/pantoniou/libfyaml/issues/118 + - https://github.com/pantoniou/libfyaml/issues/120 + - https://github.com/pantoniou/libfyaml/issues/121 + - https://github.com/pantoniou/libfyaml/issues/119 + - https://github.com/pantoniou/libfyaml/issues/101 + - https://github.com/pantoniou/libfyaml/issues/57 + - https://github.com/pantoniou/libfyaml/issues/56 + - Some reported and to-date unaddressed memory corruption issues: + - https://github.com/pantoniou/libfyaml/issues/134 + - https://github.com/pantoniou/libfyaml/issues/135 + - https://github.com/pantoniou/libfyaml/issues/132 + - https://github.com/pantoniou/libfyaml/issues/138 + - https://github.com/pantoniou/libfyaml/issues/133 + - https://github.com/pantoniou/libfyaml/issues/128 + - no `suid` or `sgid` binaries + - no executables in `/sbin` and `/usr/sbin` + - Package does not install services, timers or recurring jobs + - Packages does not open privileged ports (ports < 1024). + - Package does not expose any external endpoints [Quality assurance - function/usage] - - The package works well right after install + - The package works well right after install [Quality assurance - maintenance] - - The package is maintained well in Debian/Ubuntu/Upstream and does - not have too many, long-term & critical, open bugs - - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libfyaml/+bug - - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libfyaml - - Upstream's bug tracker: https://github.com/pantoniou/libfyaml/issues - - The package does not deal with exotic hardware we cannot support + - The package is maintained well in Debian/Ubuntu/Upstream and does + not have too many, long-term & critical, open bugs + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libfyaml/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libfyaml + - Upstream's bug tracker: https://github.com/pantoniou/libfyaml/issues + - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - - The package runs a test suite on build time, if it fails - it makes the build fail, https://launchpadlibrarian.net/827289425/buildlog_ubuntu-resolute-amd64.libfyaml_0.9-2_BUILDING.txt.gz + - The package runs a test suite on build time, if it fails + it makes the build fail, https://launchpadlibrarian.net/827289425/buildlog_ubuntu-resolute-amd64.libfyaml_0.9-2_BUILDING.txt.gz - - The package does not run an autopkgtest because upstream does not provide - an installed-tests testsuite; but one could be implemented downstream. + - The package does not run an autopkgtest because upstream does not provide + an installed-tests testsuite; but one could be implemented downstream. - - The libyaml0 package is also tested by the appstream package at build-time: - see "as-test_yaml" at https://launchpadlibrarian.net/827477512/buildlog_ubuntu-resolute-amd64.appstream_1.1.1-1_BUILDING.txt.gz + - The libyaml0 package is also tested by the appstream package at build-time: + see "as-test_yaml" at https://launchpadlibrarian.net/827477512/buildlog_ubuntu-resolute-amd64.appstream_1.1.1-1_BUILDING.txt.gz [Quality assurance - packaging] - - debian/watch is present and works + - debian/watch is present and works - - debian/control defines a correct Maintainer field + - debian/control defines a correct Maintainer field - - This package does not yield massive lintian Warnings, Errors - - https://launchpadlibrarian.net/827289425/buildlog_ubuntu-resolute-amd64.libfyaml_0.9-2_BUILDING.txt.gz - TODO: - Please attach the full output you have got from - TODO: `lintian --pedantic` as an extra post to this bug. - - Lintian overrides are not present + - This package does not yield massive lintian Warnings, Errors + - https://launchpadlibrarian.net/827289425/buildlog_ubuntu-resolute-amd64.libfyaml_0.9-2_BUILDING.txt.gz + - lintian --pedantic: https://bugs.launchpad.net/ubuntu/+source/libfyaml/+bug/2131216/comments/2 + - Lintian overrides are not present - - This package does not rely on obsolete or about to be demoted packages. - - This package has no python2 or GTK2 dependencies + - This package does not rely on obsolete or about to be demoted packages. + - This package has no python2 or GTK2 dependencies - - The package will be installed by default, but does not ask debconf - questions higher than medium + - The package will be installed by default, but does not ask debconf + questions higher than medium - - Packaging and build is easy, + - Packaging and build is easy, https://salsa.debian.org/jlblancoc/libfyaml- gbp/-/blob/master/debian/rules [UI standards] - - Application is not end-user facing (does not need translation) + - Application is not end-user facing (does not need translation) [Dependencies] - - Used check-mir from ubuntu-dev-tools to validate - all dependencies or recommends are in main. + - Used check-mir from ubuntu-dev-tools to validate + all dependencies or recommends are in main. [Standards compliance] - - This package correctly follows FHS and Debian Policy - - libfyaml0/libfyaml-dev contain some GPL-2 symbols, despite the library - being MIT-licensed. - That implies that users of the library may be inadvertently violating the - GPL license. - All GPL-2 symbols were stripped in git master already, and I have asked the - maintainer to provide a new tagged release in reasonable time for 26.04 + - This package correctly follows FHS and Debian Policy + - libfyaml0/libfyaml-dev contain some GPL-2 symbols, despite the library + being MIT-licensed. + That implies that users of the library may be inadvertently violating the + GPL license. + All GPL-2 symbols were stripped in git master already, and I have asked the + maintainer to provide a new tagged release in reasonable time for 26.04 [Maintenance/Owner] - - I Suggest the owning team to be debcrafters - - The future owning team is not yet subscribed, but will subscribe to - the package before promotion + - I Suggest the owning team to be debcrafters + - The future owning team is not yet subscribed, but will subscribe to + the package before promotion - - This does not use static builds - - This does not use vendored code - - This package is not rust based + - This does not use static builds + - This does not use vendored code + - This package is not rust based - - The package has been built within the last 3 months in the archive - - Build link on launchpad: https://launchpad.net/ubuntu/+source/libfyaml/0.9-2 + - The package has been built within the last 3 months in the archive + - Build link on launchpad: https://launchpad.net/ubuntu/+source/libfyaml/0.9-2 - - This change will not impact other teams + - This change will not impact other teams [Background information] - -The Package description explains the package well - - Upstream Name is libfyaml - - Link to upstream project https://github.com/pantoniou/libfyaml + -The Package description explains the package well + - Upstream Name is libfyaml + - Link to upstream project https://github.com/pantoniou/libfyaml ** Changed in: libfyaml (Ubuntu) Status: Incomplete => New ** Changed in: libfyaml (Ubuntu) Assignee: Alessandro Astone (aleasto) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2131216 Title: [MIR] libfyaml To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libfyaml/+bug/2131216/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
