[Summary] This needs a team bug subscriber; setting back to 'incomplete' until it has a team bug subscriber.
The 'malcontent-gui' binary package provides a GUI, and may need further review from a UI perspective. This does need a security review, so I'll assign ubuntu-security after the above are addressed. This is still dependent on libflatpak0 MIR from LP: #1812456 Otherwise, this is an ACK from MIR team. specific binary packages to be promoted to main: - gir1.2-malcontent-0 - gir1.2-malcontentui-0 - libmalcontent-0-0 - libmalcontent-ui-0-0 - libpam-malcontent - malcontent - malcontent-gui Notes: Required TODOs: - some team (probably foundations) must subscribe to package bugs - malcontent-gui package needs further review as part of UI - needs security team review - this does also depend on libflatpack0 MIR from LP: #1812456 [Duplication] There is no other package in main providing the same functionality. [Dependencies] OK: - other dependencies to MIR due to this: libflatpak0 is in universe, but also in progress via LP: #1812456 Problems: - -dev packages that need exclusion: libmalcontent-0-dev libmalcontent-ui-0-dev [Embedded sources and static linking] OK: - no embedded source present - no static linking [Security] OK: - history of CVEs does not look concerning - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not open a port - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop Problems: - does deal with system authentication (pam) - does parse data formats [Common blockers] OK: - does not FTBFS currently - does have a test suite that runs at build time - test suite fails will fail the build upon error. - translation present - not a python/go package Problems: - does not have a test suite that runs as autopkgtest - The package does not have a team bug subscriber [Packaging red flags] OK: - Ubuntu does not carry a delta - symbols tracking is in place - d/watch is present and looks ok - Upstream update history is good - Debian/Ubuntu update history is good but short, pkg was added recently - promoting this does not seem to cause issues for MOTUs - no massive Lintian warnings - d/rules is rather clean - Does not have Built-Using - not go Package Problems: - the current release is packaged the latest upstream release is 0.9.0 while Debian/Ubuntu have 0.8.0 however, 0.9.0 is from only 2 weeks ago [Upstream red flags] OK: - no Errors/warnings during the build (except minor annotation warnings) - no incautious use of malloc/sprintf (as far as I can check it) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian or Ubuntu - no dependency on webkit, qtwebkit, seed or libgoa-* Problems: - 'malcontent-gui' package is part of the UI, needs extra checks ** Changed in: malcontent (Ubuntu) Status: New => Incomplete ** Changed in: malcontent (Ubuntu) Assignee: Dan Streetman (ddstreet) => Robert Ancell (robert-ancell) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892456 Title: [MIR] malcontent To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/malcontent/+bug/1892456/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs