Public bug reported: The source package and coreutils binary already ended up in main as coreutils binary used to be in main but moved packages, but for sake of process let's do an MIR.
[Availability] The package coreutils-from is already in Ubuntu universe. The package coreutils-from build for the architectures it is designed to work on. Link to package https://launchpad.net/ubuntu/+source/coreutils-from [Rationale] The package coreutils-from is required in Ubuntu main for enabling the switch to rust-coreutils as per https://discourse.ubuntu.com/t/carefully-but-purposefully-oxidising-ubuntu/56995/7 It's a set of symlink farms, facilitating switching between providers. For the purpose of this MIR, we want to consider the gnu-coreutils one, well the mechanism for switching, the rust-coreutils we will do in the rust-coreutils MIR. [Security] - No CVEs/security issues in this software in the past - Binaries are no problem because they are symbolic links to separately reviewed coreutils providers. - Package does not install services, timers or recurring jobs - This is just symlink farms, so we don't have much security to keep in mind, the features are needed in the actual providers. For rust-coreutils we need to sort out the story of the multi-call binary vs AppArmor path-based profiles, but we'll leave that discussion to the rust-coreutils MIR. [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] It is just symlink farms. [Quality assurance - testing] The `coreutils` packages upstream test suite continues running, coreutils are used everywhere, so bugs are easily noticed - for the default provider anyway. Once we enable coreutils-from-uutils as the default, we also need to continue running the GNU test suite against the GNU tools specifically. - The package does not run a test at build time because it's just a symlink farm; the actual providers run their test suites. - The package does not run an autopkgtest because the actual code providers run test suites - The package does have not failing autopkgtests right now [Quality assurance - packaging] - debian/watch is not present because it is a native package - debian/control defines a correct Maintainer field - Lintian overrides are present, but ok because they are only in the variants we don't want to MIR. - The package will be installed by default, but does not ask debconf questions - Packaging and build is easy: https://git.launchpad.net/~juliank/+git/coreutils-from/tree/debian?h=main [UI standards] These are questions for the actual implementations. [Dependencies] The default dependency is to the gnu-coreutils right now, we want that to migrate, then switch to rust-coreutils, we'll then MIR that. [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be foundations-bugs and I have their acknowledgement for that commitment - This does not use static builds - This does not use vendored code - The package is new :D [Background information] https://discourse.ubuntu.com/t/carefully-but-purposefully-oxidising-ubuntu/56995/7 https://discourse.ubuntu.com/t/migration-to-rust-coreutils-in-25-10/59708 ** Affects: coreutils-from (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2110879 Title: [MIR] coreutils-from To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/coreutils-from/+bug/2110879/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
