← Back to team overview

pkg-perl-maintainers team mailing list archive

[Bug 1907422] Re: [MIR] needrestart + dependencies

 

** Description changed:

  [Availability]
  
  The package and its dependencies are already in universe.
  
  [Rationale]
  
  needrestart is a very useful maintainance tool to track any processes
  that are out of date, and when possible offer to restart them. This
  tool is very useful to check if sessions need to be restarted,
  workloads need restarting, user & system daemons need restarting. But
  also, whether the restarts were successful.
  
  [Security]
  
  The needrestart package is around in Ubuntu and Debian since many years
  (first upload in Debian in 2013). Since then, there have been no CVE's
  or serious security vulnerabilities reported (+ no mention of any
  security related fixes in the changelog). It installs the needrestart
  perl script into /usr/sbin/, no setuid binaries present.
  
  As for its runtime dependencies:
  
  - libintl-perl: in 2016 CVE-2016-1238 has been addressed
  - libmodule-find-perl: none
  - libmodule-scandeps-perl: none
  - libsort-naturally-perl: none
  
  (all the dependencies are perl modules, so no security-interesting
  binaries/configurations are being installed)
  
  [Quality assurance]
  
  The package, after installation, is ready without any special configuration. needrestart is already seeded as per [1]. Also, as mentioned in the Maintenance section, the package is regularly updated in Debian (directly synced to Ubuntu as of now).
  Browsing through Ubuntu and Debian bugs filled for needrestart, there seem to be none that are particularly worrisome. Most of them are old bugs, possibly no longer relevant. Some that we might want to check up on if they're still a thing:
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826044 - seems like the last post was in 2018 and no new reports
  - https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/1734768 - from 2017, xenial, old, but maybe worth re-visiting just in case
+ 
+ Browsed the upstream bugs as well and saw nothing critical there as well
+ (microcode issues on bionic, but that's fixed in later versions).
  
  And all required dependencies seem to have no outstanding bugs in
  Ubuntu.
  
  [Dependencies]
  
  All dependencies are either already in main or are part of this MIR.
  There are a few additional universe build-dependencies (and build-
  dependencies of the dependencies) but those have been confirmed to only
  be used during the build and not result in any other universe runtime
  dependencies.
  
  [Standards compliance]
  
  FHS and Debian Policy compliant.
  
  [Maintenance]
  
  The Ubuntu Foundations Team will be subscribed to the package and its
  relevant dependencies. All the packages seem to be actively maintained
  in Debian and so far no additional Ubuntu changes were required.
  
  [Background information]
  
  The package is already seeded, as for 21.04 we'd like to aim to force
  people to restart less. And this tool will be very useful for us to
  achieve that.
  
  [Original Description]
  
  This is a stub for coming MIR activity.
  Since this was already seeded [1] it regularly shows up as component mismatch now.
  
  Therefore we want to raise this from "status is unknown" to "nothing
  done yet, but documented as that" :-)
  
  The bug status will be incomplete util properly prepared.
  
  This covers needrestart and it's dependencies:
  - libintl-perl
  - libmodule-find-perl
  - libmodule-scandeps-perl
  - libsort-naturally-perl
  
  [1]: https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/ubuntu/commit/?id=ed7003d4c9a0be80e8a17699baa858b2bf1ce06b

** Description changed:

  [Availability]
  
  The package and its dependencies are already in universe.
  
  [Rationale]
  
- needrestart is a very useful maintainance tool to track any processes
+ needrestart is a very useful maintenance tool to track any processes
  that are out of date, and when possible offer to restart them. This
  tool is very useful to check if sessions need to be restarted,
  workloads need restarting, user & system daemons need restarting. But
- also, whether the restarts were successful.
+ also, whether the restarts were successful. This is part of the work towards us having to restart less.
+ 
+ It requires some perl dependencies pulled in, but they're mostly just
+ your typical additional perl modules.
  
  [Security]
  
  The needrestart package is around in Ubuntu and Debian since many years
  (first upload in Debian in 2013). Since then, there have been no CVE's
  or serious security vulnerabilities reported (+ no mention of any
  security related fixes in the changelog). It installs the needrestart
  perl script into /usr/sbin/, no setuid binaries present.
  
  As for its runtime dependencies:
  
  - libintl-perl: in 2016 CVE-2016-1238 has been addressed
  - libmodule-find-perl: none
  - libmodule-scandeps-perl: none
  - libsort-naturally-perl: none
  
  (all the dependencies are perl modules, so no security-interesting
  binaries/configurations are being installed)
  
  [Quality assurance]
  
  The package, after installation, is ready without any special configuration. needrestart is already seeded as per [1]. Also, as mentioned in the Maintenance section, the package is regularly updated in Debian (directly synced to Ubuntu as of now).
  Browsing through Ubuntu and Debian bugs filled for needrestart, there seem to be none that are particularly worrisome. Most of them are old bugs, possibly no longer relevant. Some that we might want to check up on if they're still a thing:
  - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826044 - seems like the last post was in 2018 and no new reports
  - https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/1734768 - from 2017, xenial, old, but maybe worth re-visiting just in case
  
  Browsed the upstream bugs as well and saw nothing critical there as well
  (microcode issues on bionic, but that's fixed in later versions).
  
  And all required dependencies seem to have no outstanding bugs in
  Ubuntu.
  
  [Dependencies]
  
  All dependencies are either already in main or are part of this MIR.
  There are a few additional universe build-dependencies (and build-
  dependencies of the dependencies) but those have been confirmed to only
  be used during the build and not result in any other universe runtime
  dependencies.
  
  [Standards compliance]
  
  FHS and Debian Policy compliant.
  
  [Maintenance]
  
  The Ubuntu Foundations Team will be subscribed to the package and its
  relevant dependencies. All the packages seem to be actively maintained
  in Debian and so far no additional Ubuntu changes were required.
  
  [Background information]
  
  The package is already seeded, as for 21.04 we'd like to aim to force
  people to restart less. And this tool will be very useful for us to
  achieve that.
  
  [Original Description]
  
  This is a stub for coming MIR activity.
  Since this was already seeded [1] it regularly shows up as component mismatch now.
  
  Therefore we want to raise this from "status is unknown" to "nothing
  done yet, but documented as that" :-)
  
  The bug status will be incomplete util properly prepared.
  
  This covers needrestart and it's dependencies:
  - libintl-perl
  - libmodule-find-perl
  - libmodule-scandeps-perl
  - libsort-naturally-perl
  
  [1]: https://git.launchpad.net/~ubuntu-core-dev/ubuntu-
  seeds/+git/ubuntu/commit/?id=ed7003d4c9a0be80e8a17699baa858b2bf1ce06b

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libmodule-scandeps-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1907422

Title:
  [MIR] needrestart + dependencies

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libintl-perl/+bug/1907422/+subscriptions


References