Ready for consideration by the MIR Team and an audit by the Security Team.
Subscribing both.

But once more to be sure - this is meant for the Z* release.
So take a breath and close out your Yakkety tasks first :-)

** Description changed:

+ [MIR]
+ Listing MIR requirements that are fulfilled IMHO:
+ 
+ 0. First of all - this is for the Z* release, no rush into Yakkety,
+    but starting to do it right for Z* now instead of late in the next
+    cycle.
+ 
+ 1. Availability: Is already in Ubuntu universe and builds for the 
+    architectures it is designed to work on.
+ 
+ 2. Rationale: having this python extension available would allow us to 
+    ship a dpdk helper tool that can help debugging it in case uncommon 
+    network cards are used. DPDK is in main, so this would be a runtime 
+    dependency.
+ 
+ 3. Security: There were no open CVEs reported against it in the past.
+    No Binaries, services or anything like it - just py files to include 
+    and a readme.
+ 
+ 4. Quality assurance: Being a python extension there is no config needed 
+    that would make usability complex.
+    The code is well myintained upstream. Currently there is no Ubuntu 
+    Delta to Debian and so far there are zero bugs against the package at
+    https://bugs.launchpad.net/ubuntu/+source/python-pyelftools
+    Neither are there in Debian:
+    https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=python-pyelftools
+    It has a set of integrated tests ran on build in override_dh_auto_test.
+ 
+ 5. UI Standards: No UI
+ 
+ 6. Dependencies:
+    Runtime dependencies are on python2/3 only which already is in main.
+    Build dependencies are on python, dh-python and debhelper. Again a 
+    small list and all already in main.
+ 
+ 7. Standards compliance: Packaging is small and easy to understand as it   
+    is almost "just" calling dh with pybuild. It has a watch file and also 
+    FHS/Debian compliance is given. Lintian reports no open issues.
+ 
+ 8. Maintenance: As said so far no open bugs and no delta. Since it doesn't
+    expose anything to the network the risk of security issues is medium. 
+    It is medium and not low as it is used to process elf data on e.g. 
+    shared libraries - that means reading arbitrary data. Since it is in 
+    python a lot of the protection e.g. for buffer overflows comes from the 
+    runtime environment. There is no owning Team yet as it falls in the MIR 
+    prerequisites quote of "Simple packages (e.g. language bindings, simple 
+    Perl modules, small command-line programs, etc.) might not need very 
+    much maintenance effort, and if they are maintained well in Debian we 
+    can just keep them synced"
+ 
+ ----
+ 
  The latest upload of dpdk introduces a dependency on python-pyelftools.
  MIR, or dropping of the dependency, needed.
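
Review bot: item 3 does not mention the untrusted-input exposure that item 8 relies on for its "medium" rating ("it is used to process elf data on e.g. shared libraries - that means reading arbitrary data"). Item 3 only argues from the absence of CVEs and of binaries or services, so the security audit request should name the ELF parsing of arbitrary files as the surface to review. The wording "no open CVEs reported against it in the past" in item 3 is also ambiguous between "none currently open" and "none ever reported"; state which one was checked. In item 8, "There is no owning Team yet" leaves nobody subscribed to the package's bugs; naming a team, even for a synced package, would make the maintenance claim verifiable.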

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1630073

Title:
  [MIR] python-pyelftools

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dpdk/+bug/1630073/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
