[Summary]
This needs a team bug subscriber; setting back to 'incomplete'
until it has a team bug subscriber.
The 'malcontent-gui' binary package provides a GUI, and may need
further review from a UI perspective.
This does need a security review, so I'll assign ubuntu-security
after the above are addressed.
This is still dependent on libflatpak0 MIR from LP: #1812456
Otherwise, this is an ACK from MIR team.
specific binary packages to be promoted to main:
- gir1.2-malcontent-0
- gir1.2-malcontentui-0
- libmalcontent-0-0
- libmalcontent-ui-0-0
- libpam-malcontent
- malcontent
- malcontent-gui
Notes:
Required TODOs:
- some team (probably foundations) must subscribe to package bugs
- malcontent-gui package needs further review as part of UI
- needs security team review
- this does also depend on libflatpack0 MIR from LP: #1812456
[Duplication]
There is no other package in main providing the same functionality.
[Dependencies]
OK:
- other dependencies to MIR due to this:
libflatpak0 is in universe, but also in progress via LP: #1812456
Problems:
- -dev packages that need exclusion:
libmalcontent-0-dev
libmalcontent-ui-0-dev
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
Problems:
- does deal with system authentication (pam)
- does parse data formats
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite fails will fail the build upon error.
- translation present
- not a python/go package
Problems:
- does not have a test suite that runs as autopkgtest
- The package does not have a team bug subscriber
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking is in place
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good but short, pkg was added recently
- promoting this does not seem to cause issues for MOTUs
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- not go Package
Problems:
- the current release is packaged
the latest upstream release is 0.9.0 while Debian/Ubuntu have 0.8.0
however, 0.9.0 is from only 2 weeks ago
[Upstream red flags]
OK:
- no Errors/warnings during the build (except minor annotation warnings)
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
Problems:
- 'malcontent-gui' package is part of the UI, needs extra checks
** Changed in: malcontent (Ubuntu)
Status: New => Incomplete
** Changed in: malcontent (Ubuntu)
Assignee: Dan Streetman (ddstreet) => Robert Ancell (robert-ancell)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892456
Title:
[MIR] malcontent
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/malcontent/+bug/1892456/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
