pkg-perl-maintainers team mailing list archive

[Steve Langasek <2024245@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

[Availability]
Architecture-all perl package present in Ubuntu since 2014. https://launchpad.net/ubuntu/+source/libhttp-cookiejar-perl

[Rationale]
Required by current libwww-perl in Debian.  This duplicates / supersedes functionality already present in libhttp-cookies-perl, however libwww-perl describes libhttp-cookiejar-perl as "a safer cookie jar", "providing a better security model matching that of current Web browsers when Mozilla::PublicSuffix is installed".

libwww-mechanize-perl is also a reverse-dependency of libhttp-cookies-
perl in main and has not migrated to libhttp-cookiejar-perl yet in
Debian, so it doesn't appear we can do a straight swap of one source
package for the other at present.

[Security]
- No results on https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=HTTP%3A%3ACookiejar or https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=http-cookiejar
- only false positives on unrelated packages when searching site:www.openwall.com/lists/oss-security
- 0 results on https://ubuntu.com/security/cves?package=libhttp-cookiejar-perl
- 0 security issues on https://security-tracker.debian.org/tracker/source-package/libhttp-cookiejar-perl

Package does not ship any executables, it's a perl module; but by
definition it will be used to handle untrusted input from the Internet.

[Quality assurance - maintenance]
No open bugs at https://bugs.launchpad.net/ubuntu/+source/libhttp-cookiejar-perl or https://bugs.debian.org/src:libhttp-cookiejar-perl.

Single wishlist bug open at https://github.com/dagolden/HTTP-CookieJar/issues.
[Quality assurance - testing]
upstream tests are run via autodep8 and at package build time and pass on all archs https://autopkgtest.ubuntu.com/packages/libhttp-cookiejar-perl/mantic/amd64

[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will be installed by default, but does not ask debconf
  questions
- Packaging and build is easy; trivial dh debian/rules

[UI standards]
- n/a, perl module only

[Dependencies]
- No further depends or recommends dependencies that are not yet in main

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- Owning Team will be foundations-bugs and will subscribe to the package before promotion

[Background information]
The Package description explains the package well

** Affects: libhttp-cookiejar-perl (Ubuntu)
     Importance: Undecided
         Status: New

** Changed in: libhttp-cookiejar-perl (Ubuntu)
    Milestone: None => ubuntu-23.10

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libhttp-cookiejar-perl in Ubuntu.
https://bugs.launchpad.net/bugs/2024245

Title:
  [MIR] libhttp-cookiejar-perl

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libhttp-cookiejar-perl/+bug/2024245/+subscriptions