> I woudl split them in a separate package as they don't need to be installed by default, but it's up to you.
Sorry, I am not willing to put this package through the Debian NEW queue just to split out a few KB of examples into a separate binary package, and I suspect the ftp team would take a dim view of this: the size of the archive metadata required to describe that binary package would the same order of magnitude as the size of the package itself. If they are considered to be a serious problem for some reason, then I'll delete them altogether, and just patch in the README. The demos are re-included via debian/dist/ (older versions) or debian/patches/dist/ (newer) because I was looking at packaging a git snapshot in experimental, and happened to notice that they are shipped upstream but were accidentally not included in tarballs. I also contributed a patch upstream to include them in `make dist`, and that patch has been merged. I believe flatpak.bpf is a snapshot of the seccomp filter that was set up by some random older version of Flatpak, and accompanies flatpak- run.sh to make flatpak-run.sh more closely resemble what Flatpak actually does. bubblewrap takes seccomp filters as input in binary form rather than building them using libseccomp, because bubblewrap is (initially) highly privileged, so library dependencies are minimized to reduce attack surface; instead, the unprivileged Flatpak binary links libseccomp and constructs the filter itself. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to bubblewrap in Ubuntu. https://bugs.launchpad.net/bugs/1709164 Title: [MIR] bubblewrap Status in bubblewrap package in Ubuntu: Confirmed Bug description: Availability ============ Built for all supported architectures. In sync with Debian. Rationale ========= The gnome-desktop3 library 3.25.90+ requires bubblewrap. bubblewrap is most commonly used as part of Flatpak's security isolation feature. Here it's being used to sandbox the thumbnailers. See https://git.gnome.org/browse/gnome-desktop/log (changes from 3.25.4 to 3.25.90) The bubblewrap feature was disabled in Ubuntu 17.10's gnome-desktop3 package because this MIR was not processed. Security ======== No known open security vulnerabilities in any Ubuntu releases. https://security-tracker.debian.org/tracker/source-package/bubblewrap I helped prepare a security update (LP: #1657357) (CVE-2017-5226) for bubblewrap/flatpak several months ago. Security-sensitive package. Quality assurance ================= Bug subscriber: should be Ubuntu Desktop Bugs https://bugs.launchpad.net/ubuntu/+source/bubblewrap https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bubblewrap https://github.com/projectatomic/bubblewrap/issues dh_auto_test runs the build tests but they appear to be set as SKIP upstream. (See comment #4) Multiple autopkgtests passing on all Ubuntu architectures. Because the tests require machine isolation, the autopkgtests don't run on Debian's infrastructure currently. Dependencies ============ check-mir reports all other binary dependencies are in main Standards compliance ==================== 4.0.0 Maintenance =========== - Actively developed upstream https://github.com/projectatomic/bubblewrap - Maintained in Debian by the pkg-utopia team but more specifically, it is maintained by Simon McVittie (smcv) who also maintains Flatpak and ostree in Debian and Ubuntu. short dh7 style rules, dh compat 10 Background information ====================== William Hua (attente) had been working last year on a snapcraft plugin that used bubblewrap. So maybe more stuff will use bubblewrap in the future. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1709164/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
