** Description changed: [Availability] The package uwsgi-plugin-python is already in Ubuntu universe. The package uwsgi-plugin-python builds for the architectures it is designed to work on. It currently builds and works for architectures: amd64, amd64v3, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/uwsgi-plugin-python [Rationale] - - The package uswgi-plugin-python is required in Ubuntu main as a runtime dependency of uwsgi which has a proposed MIR as a new runtime requirement for OpenStack packages. Since Questing, plugins have been split away from the main uwsgi source package. This package + - The package uswgi-plugin-python is required in Ubuntu main as a runtime dependency of uwsgi which has a proposed MIR as a new runtime requirement for OpenStack packages. Since Questing, plugins have been split away from the main uwsgi source package. https://bugs.launchpad.net/ubuntu/+source/uwsgi/+bug/2151202 - The package uwsgi-plugin-python will not generally be useful for a large part of - our user base, but is important/helpful still because it is a new runtime requirement for uwsgi -> OpenStack packages + our user base, but is important/helpful still because it is a new runtime requirement for uwsgi -> OpenStack packages - There is no other/better way to solve this that is already in main or - should go universe->main instead of this. + should go universe->main instead of this. - This is the first time the package will be in main. - The binary package uwsgi-plugin-python3 needs to be in main to satisfy the - runtime dependency of uwsgi for OpenStack services. + runtime dependency of uwsgi for OpenStack services. - All other binary packages built by uwsgi-plugin-python (uwsgi-plugin-gevent-python3, - uwsgi-plugin-greenlet-python3, uwsgi-plugin-tornado-python3) should remain in - universe; OpenStack only requires the plain Python 3 WSGI plugin. + uwsgi-plugin-greenlet-python3, uwsgi-plugin-tornado-python3) should remain in + universe; OpenStack only requires the plain Python 3 WSGI plugin. - The package uwsgi-plugin-python is required in Ubuntu main no later than Stonking feature freeze due to it being a runtime requirement for the Hibiscus OpenStack release [Security] - No CVEs/security issues in this software in the past. The source package - uwsgi-plugin-python is a new (since Questing) split-out from uwsgi; security - history for the plugin code itself lives with the uwsgi source package, which - is being MIRed separately. - - https://ubuntu.com/security/cves?package=uwsgi-plugin-python - - https://security-tracker.debian.org/tracker/source-package/uwsgi-plugin-python + uwsgi-plugin-python is a new (since Questing) split-out from uwsgi; security + history for the plugin code itself lives with the uwsgi source package, which + is being MIRed separately. + - https://ubuntu.com/security/cves?package=uwsgi-plugin-python + - https://security-tracker.debian.org/tracker/source-package/uwsgi-plugin-python - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. It installs - loadable uwsgi plugins (`*_plugin.so`) plus a small wrapper script - `/usr/bin/uwsgi_python3`; the uwsgi source package owns the systemd units. + loadable uwsgi plugins (`*_plugin.so`) plus a small wrapper script + `/usr/bin/uwsgi_python3`; the uwsgi source package owns the systemd units. - Security has been kept in mind and common isolation/risk-mitigation patterns - are in place utilizing the following features: the plugin itself runs inside - the uwsgi worker process, whose isolation (privilege dropping via uid/gid, - chroot, cap-drop, namespaces, etc.) is configured by the operator through - uwsgi. The plugin does not bypass or weaken those mechanisms. Apparmor - confinement of the uwsgi service is provided by the uwsgi package. + are in place utilizing the following features: the plugin itself runs inside + the uwsgi worker process, whose isolation (privilege dropping via uid/gid, + chroot, cap-drop, namespaces, etc.) is configured by the operator through + uwsgi. The plugin does not bypass or weaken those mechanisms. Apparmor + confinement of the uwsgi service is provided by the uwsgi package. - Package does not open privileged ports (ports < 1024). Listening sockets are - configured by the operator on the uwsgi side. + configured by the operator on the uwsgi side. - Package does not expose any external endpoints directly; it provides a WSGI - loader consumed by uwsgi. + loader consumed by uwsgi. - Package does not contain extensions to security-sensitive software - (filters, scanners, plugins, UI skins, ...). It is itself a plugin to uwsgi, - but is in-tree upstream code, not a third-party extension. + (filters, scanners, plugins, UI skins, ...). It is itself a plugin to uwsgi, + but is in-tree upstream code, not a third-party extension. [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does - not have too many, long-term & critical, open bugs. - - Ubuntu https://bugs.launchpad.net/ubuntu/+source/uwsgi-plugin-python/+bug - - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=uwsgi-plugin-python - - Upstream (uwsgi) bug tracker: https://github.com/unbit/uwsgi/issues + not have too many, long-term & critical, open bugs. + - Ubuntu https://bugs.launchpad.net/ubuntu/+source/uwsgi-plugin-python/+bug + - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=uwsgi-plugin-python + - Upstream (uwsgi) bug tracker: https://github.com/unbit/uwsgi/issues - The package has no important open bugs at this time. - The package does not deal with exotic hardware we cannot support. [Quality assurance - testing] - The package runs a test suite on build time, if it fails it makes the build - fail; the build invokes upstream's plugin build via `uwsgi --build-plugin` - and help2man-generated manpage regeneration. Link to build log: - https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 + fail; the build invokes upstream's plugin build via `uwsgi --build-plugin` + and help2man-generated manpage regeneration. Link to build log: + https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 - The package runs an autopkgtest (`debian/tests/integration`, taken from - upstream tests as of 0.0.2), and is currently passing on amd64, arm64, - armhf, ppc64el, riscv64, s390x. Test logs: - https://autopkgtest.ubuntu.com/packages/u/uwsgi-plugin-python + upstream tests as of 0.0.2), and is currently passing on amd64, arm64, + armhf, ppc64el, riscv64, s390x. Test logs: + https://autopkgtest.ubuntu.com/packages/u/uwsgi-plugin-python - The package does not have failing autopkgtests right now. [Quality assurance - packaging] - A mechanism to detect and fetch new upstream versions is not present because - it is a native package. The source ships only Debian packaging; the actual - plugin source code is pulled at build time from the `uwsgi-src` binary - package (which carries the upstream watch file). debian/README.source - documents this construction. + it is a native package. The source ships only Debian packaging; the actual + plugin source code is pulled at build time from the `uwsgi-src` binary + package (which carries the upstream watch file). debian/README.source + documents this construction. - debian/control defines a correct Maintainer field (Debian uWSGI packaging - team). The package is currently maintained as a sync from Debian; an Ubuntu - delta would trigger `update-maintainer`. + team). The package is currently maintained as a sync from Debian; an Ubuntu + delta would trigger `update-maintainer`. - This package does not yield massive lintian Warnings or Errors. - Recent build log: https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 - Full `lintian --pedantic` output attached as a separate comment on this bug. - Lintian overrides are not present. - This package does not rely on obsolete or about to be demoted packages. - This package has no python2 or GTK2 dependencies (Python 3 only). - The package will not be installed by default; it is pulled in transitively - by uwsgi via OpenStack server packages. + by uwsgi via OpenStack server packages. - Packaging and build is easy. Link to debian/rules: - https://salsa.debian.org/uwsgi-team/uwsgi-plugin-python/-/blob/debian/latest/debian/rules + https://salsa.debian.org/uwsgi-team/uwsgi-plugin-python/-/blob/debian/latest/debian/rules [UI standards] - Application is not end-user facing (does not need translation). It is a - server-side uwsgi plugin. + server-side uwsgi plugin. - End-user applications without desktop file, not needed because this is a - server-side plugin with no GUI. + server-side plugin with no GUI. [Dependencies] - Used `check-mir` from ubuntu-dev-tools to validate all dependencies or - recommends are in main. Direct runtime dependencies for uwsgi-plugin-python3 - are python3 (main), libc and uwsgi (uwsgi MIR is the companion bug - LP: #2151202). The gevent/greenlet/tornado binaries (which stay in universe) - depend on python3-gevent / python3-greenlet (universe) and are out of scope. + recommends are in main. Direct runtime dependencies for uwsgi-plugin-python3 + are python3 (main), libc and uwsgi (uwsgi MIR is the companion bug + LP: #2151202). The gevent/greenlet/tornado binaries (which stay in universe) + depend on python3-gevent / python3-greenlet (universe) and are out of scope. [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be the Ubuntu OpenStack team (~ubuntu-openstack) and I - have their acknowledgment for that commitment. + have their acknowledgment for that commitment. - The future owning team is not yet subscribed, but will subscribe to the - package before promotion. + package before promotion. - This does not use static builds. - This does not use vendored code. - This does not use vendored code (refresh mechanism N/A). - This does not use vendored code (copyright N/A). - This package is not rust based. - The package has been built within the last 3 months in the archive - (0.0.2build4 uploaded 2026-03-20). + (0.0.2build4 uploaded 2026-03-20). - Build link on launchpad: - https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 + https://launchpad.net/ubuntu/+source/uwsgi-plugin-python/0.0.2build4 This change will not impact other teams beyond the OpenStack consumers that are driving the request, and the Server team who co-owns uwsgi packaging and is aware via the companion uwsgi MIR (LP: #2151202). [Background information] The Package description explains the package well Upstream Name is N/A - Debian native package (subset of uwsgi)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2152614 Title: [MIR] uwsgi-plugin-python To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/uwsgi-plugin-python/+bug/2152614/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
