** Description changed:
- server team tbd
+ [Availability]
+ The package iotop-c is already in Ubuntu universe.
+ The package iotop-c build for the architectures it is designed to work on.
+ It currently builds and works for architectures: amd64 arm64 armhf ppc64el
riscv64 s390x
+ Link to package: https://launchpad.net/ubuntu/+source/iotop-c
+
+ [Rationale]
+ iotop-c (https://github.com/Tomas-M/iotop) is a maintained and improved
version of the obsolete (and seems unmaintained) iotop.
+ We want to promote iotop-c to main and demote iotop, as the former seems to
be the best choice for Ubuntu moving forward.
+ Other distributions, such as Fedora, have already replaced iotop with
iotop-c. See: https://fedoraproject.org/wiki/Changes/Replace_iotop_with_iotop-c
+
+ This is the first time package will be in main.
+
+ The source builds a single binary package, iotop-c, and the debug
+ symbols.
+
+ The package iotop-c is required in Ubuntu main no later than Feature
+ Freeze - but the sooner the better, as always (:
+
+ [Security]
+ The package had apparently no security issues in the past.
+ - checked https://cve.mitre.org/cve/search_cve_list.html
+ - checked 'site:www.openwall.com/lists/oss-security iotop iotop-c'
+ - checked https://ubuntu.com/security/cve?package=iotop-c
+ - chcked https://security-tracker.debian.org/tracker/source-package/iotop-c
+ And there is nothing
+
+ No `suid` or `sgid` binaries
+ Binary `iotop-c` (linked to `iotop`, and alternatives) in sbin. It is no
problem because it is a system administration tool, which requires access to
root privileges and kernel space information. i.e. The current python
implementation of `iotop` is in sbin as well. The same scrutinity applied to
the iotop maintenance apply to iotop-c.
+ The package does not install services, timers or recurring jobs
+
+ I am not a security specialist but there is no clear sign of dangerous
patterns - except being in sbin, discussed above. A security person should
definitely have the word here.
+ The packages does not open privileged ports (ports < 1024).
+ The package does not expose any external endpoints.
+ The package does not contain extensions.
+
+ [Quality assurance - function/usage]
+ The package works well right after install
+
+ [Quality assurance - maintenance]
+ The package is maintained well in Debian/Ubuntu/Upstream and does
+ not have any long-term and/or critical open bugs
+ - Ubuntu https://bugs.launchpad.net/ubuntu/+source/iotop-c/+bug
+ - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=iotop-c
+ - Upstream https://github.com/Tomas-M/iotop/issues
+
+ The package does not deal with exotic hardware we cannot support
+
+ [Quality assurance - testing]
+ The package does not run a test at build time because upstream has no test
suite in place.
+ There were no autopkgtests either, but I added some, as seen in
https://launchpad.net/~rr/+archive/ubuntu/mir-iotop-c
+ This ubuntu2 version should land in the archive soon, I will update this bug
once it happens.
+
+ The package does have not failing autopkgtests right now, as seen in the
+ test runs for this PPA.
+
+ [Quality assurance - packaging]
+ debian/watch is present and works
+ debian/control defines a correct Maintainer field
+
+ This package does not yield massive lintian Warnings, Errors
+ Link to a recent build log of the package:
https://launchpadlibrarian.net/842411153/buildlog_ubuntu-resolute-amd64.iotop-c_1.30-1~ppabuild1_BUILDING.txt.gz
+ Lintian overrides are not present
+
+ This package does not rely on obsolete or about to be demoted packages.
+ This package has no python2 or GTK2 dependencies.
+
+ The package will not be installed by default
+
+ Packaging and build is easy, link to debian/rules:
+ https://git.launchpad.net/ubuntu/+source/iotop-c/tree/debian/rules
+
+ [UI standards]
+ Application is end-user facing, but a terminal-only tool, no desktop files
included.
+ Translation is not present, but also less relevant for a system
administration terminal tool.
+
+ [Dependencies]
+ Used check-mir from ubuntu-dev-tools to validate all dependencies or
recommends are in main.
+
+ [Standards compliance]
+ This package correctly follows FHS and Debian Policy
+
+ [Maintenance/Owner]
+ The owning team will be Ubuntu Server, and I have their acknowledgment for
that commitment
+ The team is not yet subscribed, but will subscribe to the package before
promotion - proof will be attached here.
+ <TBD>
+ This MIR will also allow Ubuntu Server to unsubscribe from iotop and demote
it.
+
+ This does not use static builds
+ This does not use vendored code
+ This package is not rust based
+
+ The package has been built within the last 3 months in PPA:
+ https://launchpadlibrarian.net/842411153/buildlog_ubuntu-resolute-
+ amd64.iotop-c_1.30-1~ppabuild1_BUILDING.txt.gz
+
+ This change will not impact other teams.
+
+ [Background information]
+
+ The Package description explains the package well
+ Upstream Name is iotop (as it's an alternative/replacement to iotop)
+ Link to upstream project: https://github.com/Tomas-M/iotop
** Changed in: iotop-c (Ubuntu)
Assignee: Renan Rodrigo (rr) => (unassigned)
** Changed in: iotop-c (Ubuntu)
Status: In Progress => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2137520
Title:
[MIR] iotop-c
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iotop-c/+bug/2137520/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
