group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1621386] Re: [MIR] libsodium

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Steve Langasek <steve.langasek@xxxxxxxxxxxxx>
Date: Tue, 16 Apr 2019 19:24:36 -0000
Reply-to: Bug 1621386 <1621386@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Copy candidates:
	libsodium 1.0.8-5 in xenial
	libsodium-dbg 1.0.8-5 in xenial amd64
	libsodium-dbg 1.0.8-5 in xenial arm64
	libsodium-dbg 1.0.8-5 in xenial armhf
	libsodium-dbg 1.0.8-5 in xenial i386
	libsodium-dbg 1.0.8-5 in xenial powerpc
	libsodium-dbg 1.0.8-5 in xenial ppc64el
	libsodium-dbg 1.0.8-5 in xenial s390x
	libsodium-dev 1.0.8-5 in xenial amd64
	libsodium-dev 1.0.8-5 in xenial arm64
	libsodium-dev 1.0.8-5 in xenial armhf
	libsodium-dev 1.0.8-5 in xenial i386
	libsodium-dev 1.0.8-5 in xenial powerpc
	libsodium-dev 1.0.8-5 in xenial ppc64el
	libsodium-dev 1.0.8-5 in xenial s390x
	libsodium-dev-dbgsym 1.0.8-5 in xenial amd64
	libsodium-dev-dbgsym 1.0.8-5 in xenial arm64
	libsodium-dev-dbgsym 1.0.8-5 in xenial armhf
	libsodium-dev-dbgsym 1.0.8-5 in xenial i386
	libsodium-dev-dbgsym 1.0.8-5 in xenial powerpc
	libsodium-dev-dbgsym 1.0.8-5 in xenial ppc64el
	libsodium-dev-dbgsym 1.0.8-5 in xenial s390x
	libsodium18 1.0.8-5 in xenial amd64
	libsodium18 1.0.8-5 in xenial arm64
	libsodium18 1.0.8-5 in xenial armhf
	libsodium18 1.0.8-5 in xenial i386
	libsodium18 1.0.8-5 in xenial powerpc
	libsodium18 1.0.8-5 in xenial ppc64el
	libsodium18 1.0.8-5 in xenial s390x
	libsodium18-dbgsym 1.0.8-5 in xenial amd64
	libsodium18-dbgsym 1.0.8-5 in xenial arm64
	libsodium18-dbgsym 1.0.8-5 in xenial armhf
	libsodium18-dbgsym 1.0.8-5 in xenial i386
	libsodium18-dbgsym 1.0.8-5 in xenial powerpc
	libsodium18-dbgsym 1.0.8-5 in xenial ppc64el
	libsodium18-dbgsym 1.0.8-5 in xenial s390x
Candidate copy target: https://api.launchpad.net/devel/ubuntu/+archive/primary
Copy [y|N]? y
36 copies requested.
$ q -Q unapproved -s xenial-updates override -c main libsodium
Overriding libsodium_1.0.8-5 (universe/misc)
20445625 | X- | libsodium            | 1.0.8-5              | 1 minute
	 | * libsodium/1.0.8-5 Component: main Section: misc
$ q -Q unapproved -s xenial-updates accept libsodium
Accepting libsodium/1.0.8-5


** Changed in: libsodium (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1621386

Title:
  [MIR] libsodium

Status in libsodium package in Ubuntu:
  Fix Released
Status in libsodium source package in Trusty:
  Fix Released
Status in libsodium source package in Xenial:
  Fix Released

Bug description:
  [Availability]
  The package is currently available in universe, currently imported directly from Debian with no Ubuntu specific patches.

  [Rationale]
  libsodium is a dependency of ZeroMQ, which in turn is a dependency of unity-scopes-api.  Therefore, we will need to include it in main to support Unity 8.

  [Security]
  I couldn't find any CVEs or other advisories for the libsodium library, or djb's "nacl" library (http://nacl.cr.yp.to/) that it is derived from.

  [Quality Assurance]
  Package is a library, so not something end users will interact with directly.  There are other apps and libraries in universe that currently link with libsodium, and install without issue.

  The library asks no debconf questions on install.

  Bugs are tracked in Debian and Ubuntu here:
  https://bugs.launchpad.net/ubuntu/+source/libsodium
  https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsodium

  The one Ubuntu bug looks like it might be user confusion about -dev
  packages.  The one Debian report is complaining about Debian packaging
  an old version of libsodium: something that seems to have since been
  fixed but not noted in the bug report.

  New releases appear to be packaged in Debian promptly
  (https://packages.qa.debian.org/libs/libsodium.html), and the latest
  Debian release was recently migrated into Yakkety.

  The package is a software crypto library, so doesn't rely on exotic
  hardware.

  Library has a test suite that is run as part of the package build.

  The package has a debian/watch file checking for new releases on
  github.

  [UI Standards]
  The package contains a non-graphical crypto library.

  [Dependencies]
  The libsodium18 binary package only depends on libc6.  For source build-depends, there is debhelper, pkg-config, and dh-autoreconf.  All are already in main.

  [Maintenance]
  The package currently lists ubuntu-devel-discuss as its maintainer.  It doesn't look like we've ever made any changes to the versions of the package migrated from Debian though.

  [Background information]
  The package has reasonable description strings and hasn't been renamed recently.  The source package name matches the upstream project name.

  [ABI Stability]
  The library is plain C, so should be fairly robust.  The upstream developers committed to API and ABI stability with the 1.0.0 release (October 2014):

  https://github.com/jedisct1/libsodium/releases/tag/1.0.0

  A bit worryingly though, they changed soname in the 1.0.6 release
  (November 2015):

  https://github.com/jedisct1/libsodium/releases/tag/1.0.6

  The changelog seems to indicate that the release should have been
  compatible but they changed soname just to be sure.  It is unclear
  whether this is likely to happen again.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libsodium/+bug/1621386/+subscriptions