pkg-perl-maintainers team mailing list archive

[Eduardo Barretto <2122108@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

[Availability]
The package libcrypt-urandom-perl is already in universe for quite a while.
The package libcrypt-urandom-perl build for the architectures it is designed
to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el,
riscv64, s390x
Link to package https://launchpad.net/ubuntu/+source/libcrypt-urandom-perl

[Rationale]
The package libcrypt-urandom-perl is required in Ubuntu main for the new version
of libauthen-sasl-perl (2.1900-1) to work (runtime dependency).

The package libcrypt-urandom-perl will not generally be useful for a large part
of our user base, but is important/helpful still because libauthen-sasl-perl
and this new dependency improves the source of randomness (CVE-2025-40918) even
though it is not really a fix for that particular issue, since the mechanism is
obsolete for a while now. But overall this can be a good addition for future
needs of randomness.

There is no other/better way to solve this that is already in main or should go
universe->main instead of this.

This is the first time package will be in main.

The binary package libcrypt-urandom-perl needs to be in main for
libauthen-sasl-perl to work.

It would be great and useful to community/processes to have the
package libcrypt-urandom-perl in Ubuntu main, but there is no definitive deadline.

[Security]
- No CVEs/security issues in this software in the past

- no `suid` or `sgid` binaries

- no executables in `/sbin` and `/usr/sbin`

- Package does not install services, timers or recurring jobs

- Packages does not open privileged ports (ports < 1024).

- Package does not expose any external endpoints

- Packages does not contain extensions to security-sensitive software

[Quality assurance - function/usage]

- The package works well right after install

[Quality assurance - maintenance]

- The package is maintained well in Debian/Ubuntu/Upstream and does
  not have too many, long-term & critical, open bugs

- Ubuntu https://bugs.launchpad.net/ubuntu/+source/libcrypt-urandom-
perl/+bug

- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libcrypt-
urandom-perl

- Upstream's bug tracker: https://github.com/david-dick/crypt-
urandom/issues

- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]

- The package runs a test suite on build time, if it fails
  it makes the build fail, link to build log
  https://launchpadlibrarian.net/783654505/buildlog_ubuntu-plucky-amd64.libcrypt-urandom-perl_0.54-1_BUILDING.txt.gz

- The package runs an autopkgtest, and is currently passing on
  the supported list of architectures, link to test logs:
  https://autopkgtest.ubuntu.com/packages/l/libcrypt-urandom-perl

- The package does have not failing autopkgtests right now

[Quality assurance - packaging]

- debian/watch is present and works

- debian/control defines a correct Maintainer field

- Please attach the full output you have got from
  `lintian --pedantic` as an extra post to this bug.

  $ lintian --pedantic
    E: libcrypt-urandom-perl changes: bad-distribution-in-changes-file unstable

- This package does not rely on obsolete or about to be demoted
packages.

- This package has no python2 or GTK2 dependencies

- The package will not be installed by default

- Packaging and build is easy, link to debian/rules
https://git.launchpad.net/ubuntu/+source/libcrypt-urandom-perl/tree/debian/rules


[UI standards]
- Application is not end-user facing (does not need translation)

[Dependencies]
- Used check-mir from ubuntu-dev-tools to validate
  all dependencies or recommends are in main.
  $ check-mir
    Checking support status of build dependencies...
     * libtest-pod-perl is in universe, but its source libtest-pod-perl is already in main; file an ubuntu-archive bug for promoting the current preferred alternative
     * perl-xs-dev is a virtual package, which is provided by the following candidates in Main: libperl-dev

    Checking support status of binary dependencies...
    All dependencies are supported in main or restricted.

[Standards compliance]

- This package correctly follows FHS and Debian Policy
  Standards-Version: 4.7.2

[Maintenance/Owner]

- I suggest the owning team to be Debcrafters, since they are the
  maintainers of libauthen-sasl-perl.

- The future owning team is not yet subscribed, but will subscribe to
  the package before promotion

- This does not use static builds

- This does not use vendored code

- This package is not rust based

- The package has been built back in March 2025:
https://launchpad.net/ubuntu/+source/libcrypt-urandom-perl/0.54-1

[Background information]
The package description explains the general purpose and context of the package well.

** Affects: libcrypt-urandom-perl (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libcrypt-urandom-perl in Ubuntu.
https://bugs.launchpad.net/bugs/2122108

Title:
  [MIR] libcrypt-urandom-perl as a dependency of libauthen-sasl-perl

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libcrypt-urandom-perl/+bug/2122108/+subscriptions