Public bug reported: [Availability] The package uwsgi-plugin-python is already in Ubuntu universe. The package uwsgi-plugin-python builds for the architectures it is designed to work on. It currently builds and works for architectures: amd64, amd64v3, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/uwsgi-plugin-python
[Rationale] - The package uswgi-plugin-python is required in Ubuntu main as a runtime dependency of uwsgi which has a proposed MIR as a new runtime requirement for OpenStack packages. Since Questing, plugins have been split away from the main uwsgi source package. This package https://bugs.launchpad.net/ubuntu/+source/uwsgi/+bug/2151202 - The package uwsgi-plugin-python will not generally be useful for a large part of our user base, but is important/helpful still because it is a new runtime requirement for uwsgi -> OpenStack packages - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - This is the first time the package will be in main. - The binary package uwsgi-plugin-python3 needs to be in main to satisfy the runtime dependency of uwsgi for OpenStack services. - All other binary packages built by uwsgi-plugin-python (uwsgi-plugin-gevent-python3, uwsgi-plugin-greenlet-python3, uwsgi-plugin-tornado-python3) should remain in universe; OpenStack only requires the plain Python 3 WSGI plugin. - The package uwsgi-plugin-python is required in Ubuntu main no later than Stonking feature freeze due to it being a runtime requirement for the Hibiscus OpenStack release [Security] - No CVEs/security issues in this software in the past. The source package uwsgi-plugin-python is a new (since Questing) split-out from uwsgi; security history for the plugin code itself lives with the uwsgi source package, which is being MIRed separately. - https://ubuntu.com/security/cves?package=uwsgi-plugin-python - https://security-tracker.debian.org/tracker/source-package/uwsgi-plugin-python - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. It installs loadable uwsgi plugins (`*_plugin.so`) plus a small wrapper script `/usr/bin/uwsgi_python3`; the uwsgi source package owns the systemd units. - Security has been kept in mind and common isolation/risk-mitigation patterns are in place utilizing the following features: the plugin itself runs inside the uwsgi worker process, whose isolation (privilege dropping via uid/gid, chroot, cap-drop, namespaces, etc.) is configured by the operator through uwsgi. The plugin does not bypass or weaken those mechanisms. Apparmor confinement of the uwsgi service is provided by the uwsgi package. - Package does not open privileged ports (ports < 1024). Listening sockets are configured by the operator on the uwsgi side. - Package does not expose any external endpoints directly; it provides a WSGI loader consumed by uwsgi. - Package does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...). It is itself a plugin to uwsgi, but is in-tree upstream code, not a third-party extension. [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does not have too many, long-term & critical, open bugs. - Ubuntu https://bugs.launchpad.net/ubuntu/+source/uwsgi-plugin-python/+bug - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=uwsgi-plugin-python - Upstream (uwsgi) bug tracker: https://github.com/unbit/uwsgi/issues - The package has no important open bugs at this time. - The package does not deal with exotic hardware we cannot support. [Quality assurance - testing] - The package runs a test suite on build time, if it fails it makes the build fail; the build invokes upstream's plugin build via `uwsgi --build-plugin` and help2man-generated manpage regeneration. Link to build log: https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 - The package runs an autopkgtest (`debian/tests/integration`, taken from upstream tests as of 0.0.2), and is currently passing on amd64, arm64, armhf, ppc64el, riscv64, s390x. Test logs: https://autopkgtest.ubuntu.com/packages/u/uwsgi-plugin-python - The package does not have failing autopkgtests right now. [Quality assurance - packaging] - A mechanism to detect and fetch new upstream versions is not present because it is a native package. The source ships only Debian packaging; the actual plugin source code is pulled at build time from the `uwsgi-src` binary package (which carries the upstream watch file). debian/README.source documents this construction. - debian/control defines a correct Maintainer field (Debian uWSGI packaging team). The package is currently maintained as a sync from Debian; an Ubuntu delta would trigger `update-maintainer`. - This package does not yield massive lintian Warnings or Errors. - Recent build log: https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 - Full `lintian --pedantic` output attached as a separate comment on this bug. - Lintian overrides are not present. - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies (Python 3 only). - The package will not be installed by default; it is pulled in transitively by uwsgi via OpenStack server packages. - Packaging and build is easy. Link to debian/rules: https://salsa.debian.org/uwsgi-team/uwsgi-plugin-python/-/blob/debian/latest/debian/rules [UI standards] - Application is not end-user facing (does not need translation). It is a server-side uwsgi plugin. - End-user applications without desktop file, not needed because this is a server-side plugin with no GUI. [Dependencies] - Used `check-mir` from ubuntu-dev-tools to validate all dependencies or recommends are in main. Direct runtime dependencies for uwsgi-plugin-python3 are python3 (main), libc and uwsgi (uwsgi MIR is the companion bug LP: #2151202). The gevent/greenlet/tornado binaries (which stay in universe) depend on python3-gevent / python3-greenlet (universe) and are out of scope. [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be the Ubuntu OpenStack team (~ubuntu-openstack) and I have their acknowledgment for that commitment. - The future owning team is not yet subscribed, but will subscribe to the package before promotion. - This does not use static builds. - This does not use vendored code. - This does not use vendored code (refresh mechanism N/A). - This does not use vendored code (copyright N/A). - This package is not rust based. - The package has been built within the last 3 months in the archive (0.0.2build4 uploaded 2026-03-20). - Build link on launchpad: https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 This change will not impact other teams beyond the OpenStack consumers that are driving the request, and the Server team who co-owns uwsgi packaging and is aware via the companion uwsgi MIR (LP: #2151202). [Background information] The Package description explains the package well Upstream Name is N/A - Debian native package (subset of uwsgi) ** Affects: uwsgi-plugin-python (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2152614 Title: [MIR] uwsgi-plugin-python To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/uwsgi-plugin-python/+bug/2152614/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
