pkg-perl-maintainers team mailing list archive
-
pkg-perl-maintainers team
-
Mailing list archive
-
Message #04121
[Bug 1907422] Re: [MIR] needrestart + dependencies
[Summary]
We need to assess the situation of package updates. We are several releases behind (5 years behind) and have some CVE as distro-patch as a consequence. Some DD just took it over in January it seems, but didn’t update to current releases.
List of specific binary packages to be promoted to main: libintl-perllib
libintl-xs-perl
Required TODOs:
- Assess the package update situation and health of the debian team responsible for it.
[Duplication]
Other perls modules deals with i18n, but it seems none give the same gettext functionality.
[Dependencies]
OK:
- no other Dependencies to MIR due to this (perlapi-5.32.1 is a virtual package provided by perl-base)
- no -dev/-debug/-doc packages that need exclusion
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite will fail upon error.
- does have a test suite that runs as autopkgtest
- no translation present, but none needed for this case
- not a python/go package, no extra constraints to consider in that regard
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- no symbols tracking for this kind of libs
- d/watch is present and looks ok
- Upstream update history is good
- promoting this does not seem to cause issues for MOTUs that so far
- no massive Lintian warnings
- d/rules is rather clean (=the minimum)
- Does not have Built-Using
Problems:
- Debian/Ubuntu update history is not good: we are several release behind (1.26 released in 2016 and curent is 1.32), some CVS has been distro-patched due to this.
- the current release is not packaged and lagging behind (the version
[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (perl)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks
** Changed in: libintl-perl (Ubuntu)
Assignee: Didier Roche (didrocks) => (unassigned)
** Changed in: libintl-perl (Ubuntu)
Status: New => Incomplete
** Changed in: libintl-perl (Ubuntu)
Assignee: (unassigned) => Christian Ehrhardt (paelzer)
--
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libmodule-scandeps-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1907422
Title:
[MIR] needrestart + dependencies
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libintl-perl/+bug/1907422/+subscriptions
Follow ups
References