** Description changed: [Availability] The package iotop-c is already in Ubuntu universe. The package iotop-c build for the architectures it is designed to work on. It currently builds and works for architectures: amd64 arm64 armhf ppc64el riscv64 s390x Link to package: https://launchpad.net/ubuntu/+source/iotop-c [Rationale] iotop-c (https://github.com/Tomas-M/iotop) is a maintained and improved version of the obsolete (and seems unmaintained) iotop. We want to promote iotop-c to main and demote iotop, as the former seems to be the best choice for Ubuntu moving forward. Other distributions, such as Fedora, have already replaced iotop with iotop-c. See: https://fedoraproject.org/wiki/Changes/Replace_iotop_with_iotop-c This is the first time package will be in main. The source builds a single binary package, iotop-c, and the debug symbols. The package iotop-c is required in Ubuntu main no later than Feature Freeze - but the sooner the better, as always (: [Security] The package had apparently no security issues in the past. - checked https://cve.mitre.org/cve/search_cve_list.html - checked 'site:www.openwall.com/lists/oss-security iotop iotop-c' - checked https://ubuntu.com/security/cve?package=iotop-c - chcked https://security-tracker.debian.org/tracker/source-package/iotop-c And there is nothing No `suid` or `sgid` binaries Binary `iotop-c` (linked to `iotop`, and alternatives) in sbin. It is no problem because it is a system administration tool, which requires access to root privileges and kernel space information. i.e. The current python implementation of `iotop` is in sbin as well. The same scrutinity applied to the iotop maintenance apply to iotop-c. The package does not install services, timers or recurring jobs I am not a security specialist but there is no clear sign of dangerous patterns - except being in sbin, discussed above. A security person should definitely have the word here. The packages does not open privileged ports (ports < 1024). The package does not expose any external endpoints. The package does not contain extensions. [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] The package is maintained well in Debian/Ubuntu/Upstream and does not have any long-term and/or critical open bugs - - Ubuntu https://bugs.launchpad.net/ubuntu/+source/iotop-c/+bug - - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=iotop-c - - Upstream https://github.com/Tomas-M/iotop/issues + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/iotop-c/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=iotop-c + - Upstream https://github.com/Tomas-M/iotop/issues The package does not deal with exotic hardware we cannot support [Quality assurance - testing] The package does not run a test at build time because upstream has no test suite in place. There were no autopkgtests either, but I added some, as seen in https://launchpad.net/~rr/+archive/ubuntu/mir-iotop-c This ubuntu2 version should land in the archive soon, I will update this bug once it happens. The package does have not failing autopkgtests right now, as seen in the test runs for this PPA. [Quality assurance - packaging] debian/watch is present and works debian/control defines a correct Maintainer field This package does not yield massive lintian Warnings, Errors - Link to a recent build log of the package: https://launchpadlibrarian.net/842411153/buildlog_ubuntu-resolute-amd64.iotop-c_1.30-1~ppabuild1_BUILDING.txt.gz + Link to a recent build log of the package: check builds in https://launchpad.net/~rr/+archive/ubuntu/mir-iotop-c Lintian overrides are not present This package does not rely on obsolete or about to be demoted packages. This package has no python2 or GTK2 dependencies. The package will not be installed by default Packaging and build is easy, link to debian/rules: https://git.launchpad.net/ubuntu/+source/iotop-c/tree/debian/rules [UI standards] Application is end-user facing, but a terminal-only tool, no desktop files included. Translation is not present, but also less relevant for a system administration terminal tool. [Dependencies] Used check-mir from ubuntu-dev-tools to validate all dependencies or recommends are in main. [Standards compliance] This package correctly follows FHS and Debian Policy [Maintenance/Owner] The owning team will be Ubuntu Server, and I have their acknowledgment for that commitment The team is not yet subscribed, but will subscribe to the package before promotion - proof will be attached here. <TBD> This MIR will also allow Ubuntu Server to unsubscribe from iotop and demote it. This does not use static builds This does not use vendored code This package is not rust based The package has been built within the last 3 months in PPA: https://launchpadlibrarian.net/842411153/buildlog_ubuntu-resolute- amd64.iotop-c_1.30-1~ppabuild1_BUILDING.txt.gz This change will not impact other teams. [Background information] The Package description explains the package well Upstream Name is iotop (as it's an alternative/replacement to iotop) Link to upstream project: https://github.com/Tomas-M/iotop
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2137520 Title: [MIR] iotop-c To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iotop-c/+bug/2137520/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
