$ lintian --pedantic ./rust-sequoia-sq_1.3.1-6ubuntu1.dsc E: rust-sequoia-sq source: field-too-long Vendored-Sources-Rust (5939 chars > 5000) W: rust-sequoia-sq source: unknown-field Vendored-Sources-Rust
** Description changed: - TBD, split out of 2089690 + [Availability] + The package rust-sequoia-sq is already in Ubuntu universe. + The package rust-sequoia-sq build for the architectures it is designed to work on. + It currently builds and works for all architectures. + Link to package https://launchpad.net/ubuntu/+source/rust-sequoia-sq + + [Rationale] + RULE: There must be a certain level of demand for the package + + The package rust-sequoia-sq is required in Ubuntu main since + Sequoia is becoming the standard OpenPGP implementation in competing Linux + distributions such as RHEL. + + We want to eventually replace gnupg2 with Sequoia as the standard for + Ubuntu. + + - The package rust-sequoia-sq will generally be useful for a large part of + our user base as it makes PGP easier to use. + - This is the first time package will be in main + - The binary package sq needs to be in main to replace gnupg2. + + - The package rust-sequoia-sq is required in Ubuntu main no later than 26.10 + to sufficiently test it. + + [Security] + - No CVEs/security issues in this software in the past + + (to my awareness) + + - no `suid` or `sgid` binaries + - no executables in `/sbin` and `/usr/sbin` + - Package does not install services, timers or recurring jobs + - Security has been kept in mind and common isolation/risk-mitigation + patterns are in place utilizing the following features: + - The program is written in a memory safe language + - Packages does not open privileged ports (ports < 1024). + - Package does not expose any external endpoints + + [Quality assurance - function/usage] + - The package works well right after install + + [Quality assurance - maintenance] + - The package is maintained well in Debian/Ubuntu/Upstream and does + not have too many, long-term & critical, open bugs + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/rust-sequoia-sq/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=rust-sequoia-sq + - Upstream's bug tracker https://gitlab.com/sequoia-pgp/sequoia-sq + - The package does not deal with exotic hardware we cannot support + + [Quality assurance - testing] + - The package runs a test suite on build time, if it fails + it makes the build fail, link to build log TBD + + - The package does not run an autopkgtest because given the vendored + dependencies it is not super useful. + + - The package does have not failing autopkgtests right now + + [Quality assurance - packaging] + - A mechanism to detect and fetch new upstream versions is present and works + + - debian/control defines a correct Maintainer field + - This package does not yield massive lintian Warnings, Errors + - Please link to a recent build log of the package: + https://launchpadlibrarian.net/852230714/buildlog_ubuntu-resolute-amd64.rust-sequoia-sq_1.3.1-6ubuntu1~resolute2_BUILDING.txt.gz + - Lintian overrides are present, but ok because they affect unimportant an + unimportant error related to rust packaging (X-Cargo-Built-Using) + + - This package does not rely on obsolete or about to be demoted packages. + - This package has no python2 or GTK2 dependencies + + - The package will not be installed by default + + - Packaging is complex, but that is ok because it is a rust package with + vendored dependencies. The majority of the rules relate to the maintenance of + the vendored dependencies, which is a common case for rust packages in main. + + + [UI standards] + - Application is possibly end-user facing, but does not have any explicit + explicit translations present. The packages source code does not support + internationalization systems. + + - End-user applications without desktop file, not needed because it is a CLI + tool. + + [Dependencies] + - Used check-mir from ubuntu-dev-tools to validate + all dependencies or recommends are in main. + + [Standards compliance] + - This package correctly follows FHS and Debian Policy + + [Maintenance/Owner] + - The owning team will be Ubuntu Foundations and I have their acknowledgment for + that commitment + - The future owning team is not yet subscribed, but will subscribe to + the package before promotion + + - The team Ubuntu Foundations is aware of the implications by a static build and + commits to test no-change-rebuilds and to fix any issues found for the + lifetime of the release (including ESM). + + - The team Ubuntu Foundations is aware of the implications of vendored code and (as + alerted by the security team) commits to provide updates and backports + to the security team for any affected vendored code for the lifetime + of the release (including ESM). + + - This package uses vendored code, refreshing that code is outlined + in debian/README.source (in proposed merge). + + - This package is rust based and vendors all non language-runtime + dependencies + + - The package has been built within the last 3 months in PPA + - Build link on launchpad: + https://launchpad.net/~bamf0/+archive/ubuntu/rust-sequoia-sq-sqv-mir-lp2089690/+packages + + - This package is rust based and vendors all non language-runtime + dependencies. + + - This change will impact other teams Foundations and Security Engineering + and they are aware due to previous discussions regarding the transition. + + [Background information] + - The Package description explains the package well + - Upstream Name is rust-sequoia-sq + - Link to upstream project https://gitlab.com/sequoia-pgp/sequoia-sq ** Description changed: [Availability] The package rust-sequoia-sq is already in Ubuntu universe. The package rust-sequoia-sq build for the architectures it is designed to work on. It currently builds and works for all architectures. Link to package https://launchpad.net/ubuntu/+source/rust-sequoia-sq [Rationale] - RULE: There must be a certain level of demand for the package - The package rust-sequoia-sq is required in Ubuntu main since Sequoia is becoming the standard OpenPGP implementation in competing Linux distributions such as RHEL. We want to eventually replace gnupg2 with Sequoia as the standard for Ubuntu. - The package rust-sequoia-sq will generally be useful for a large part of - our user base as it makes PGP easier to use. + our user base as it makes PGP easier to use. - This is the first time package will be in main - The binary package sq needs to be in main to replace gnupg2. - The package rust-sequoia-sq is required in Ubuntu main no later than 26.10 - to sufficiently test it. + to sufficiently test it. [Security] - No CVEs/security issues in this software in the past (to my awareness) - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs - Security has been kept in mind and common isolation/risk-mitigation - patterns are in place utilizing the following features: - - The program is written in a memory safe language + patterns are in place utilizing the following features: + - The program is written in a memory safe language - Packages does not open privileged ports (ports < 1024). - Package does not expose any external endpoints [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does - not have too many, long-term & critical, open bugs - - Ubuntu https://bugs.launchpad.net/ubuntu/+source/rust-sequoia-sq/+bug - - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=rust-sequoia-sq - - Upstream's bug tracker https://gitlab.com/sequoia-pgp/sequoia-sq + not have too many, long-term & critical, open bugs + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/rust-sequoia-sq/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=rust-sequoia-sq + - Upstream's bug tracker https://gitlab.com/sequoia-pgp/sequoia-sq - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package runs a test suite on build time, if it fails - it makes the build fail, link to build log TBD + it makes the build fail, link to build log TBD - The package does not run an autopkgtest because given the vendored - dependencies it is not super useful. + dependencies it is not super useful. - The package does have not failing autopkgtests right now [Quality assurance - packaging] - A mechanism to detect and fetch new upstream versions is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Please link to a recent build log of the package: - https://launchpadlibrarian.net/852230714/buildlog_ubuntu-resolute-amd64.rust-sequoia-sq_1.3.1-6ubuntu1~resolute2_BUILDING.txt.gz + https://launchpadlibrarian.net/852230714/buildlog_ubuntu-resolute-amd64.rust-sequoia-sq_1.3.1-6ubuntu1~resolute2_BUILDING.txt.gz - Lintian overrides are present, but ok because they affect unimportant an - unimportant error related to rust packaging (X-Cargo-Built-Using) + unimportant error related to rust packaging (X-Cargo-Built-Using) - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies - The package will not be installed by default - Packaging is complex, but that is ok because it is a rust package with vendored dependencies. The majority of the rules relate to the maintenance of the vendored dependencies, which is a common case for rust packages in main. - [UI standards] - Application is possibly end-user facing, but does not have any explicit - explicit translations present. The packages source code does not support - internationalization systems. + explicit translations present. The packages source code does not support + internationalization systems. - End-user applications without desktop file, not needed because it is a CLI - tool. + tool. [Dependencies] - Used check-mir from ubuntu-dev-tools to validate - all dependencies or recommends are in main. + all dependencies or recommends are in main. [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Ubuntu Foundations and I have their acknowledgment for - that commitment + that commitment - The future owning team is not yet subscribed, but will subscribe to - the package before promotion + the package before promotion - The team Ubuntu Foundations is aware of the implications by a static build and - commits to test no-change-rebuilds and to fix any issues found for the - lifetime of the release (including ESM). + commits to test no-change-rebuilds and to fix any issues found for the + lifetime of the release (including ESM). - The team Ubuntu Foundations is aware of the implications of vendored code and (as - alerted by the security team) commits to provide updates and backports - to the security team for any affected vendored code for the lifetime - of the release (including ESM). + alerted by the security team) commits to provide updates and backports + to the security team for any affected vendored code for the lifetime + of the release (including ESM). - This package uses vendored code, refreshing that code is outlined - in debian/README.source (in proposed merge). + in debian/README.source (in proposed merge). - This package is rust based and vendors all non language-runtime - dependencies + dependencies - The package has been built within the last 3 months in PPA - Build link on launchpad: - https://launchpad.net/~bamf0/+archive/ubuntu/rust-sequoia-sq-sqv-mir-lp2089690/+packages + https://launchpad.net/~bamf0/+archive/ubuntu/rust-sequoia-sq-sqv-mir-lp2089690/+packages - This package is rust based and vendors all non language-runtime - dependencies. + dependencies. - This change will impact other teams Foundations and Security Engineering - and they are aware due to previous discussions regarding the transition. + and they are aware due to previous discussions regarding the transition. [Background information] - The Package description explains the package well - Upstream Name is rust-sequoia-sq - Link to upstream project https://gitlab.com/sequoia-pgp/sequoia-sq -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2121154 Title: [MIR] rust-sequoia-sq To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rust-sequoia-sq/+bug/2121154/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
