touch-packages team mailing list archive

Thread
Date

[Bug 1367004] Re: [MIR] python-gnupg

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Michael Terry <michael.terry@xxxxxxxxxxxxx>
Date: Wed, 10 Sep 2014 13:12:08 -0000
Reply-to: Bug 1367004 <1367004@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You gloss over the security issues in your MIR description.  The most
recent release fixed three CVEs...

Given such security sensitiveness of gnupg wrappers, can you explain why
it'd be worth having two python wrappers in main?  We already have
python-gpgme.  Do they offer different functionality?

** Changed in: python-gnupg (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to python-gnupg in Ubuntu.
https://bugs.launchpad.net/bugs/1367004

Title:
  [MIR] python-gnupg

Status in “python-gnupg” package in Ubuntu:
  Incomplete

Bug description:
  Availability: 
  % apt-cache show python-gnupg | grep -i section
  Section: universe/python

  Rationale:
  As shown here: http://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg python-gnupg is a run-time dependency of system-image, which is the system upgrader for, and seeded into Ubuntu Touch.

  Security, QA
  The package is well supported upstream, in Debian, and in Ubuntu.
  LP: #1283783 describes an upgrading bug, but I have not yet investigated it.

  UI standards: n/a

  Dependencies: None that aren't already in main.

  Standards compliance: No known issues.

  Maintenance: No known issues.

  This is the generally accepted best gnupg wrapper for Python.  It
  supports both Python 2 and 3.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-gnupg/+bug/1367004/+subscriptions

References

[Bug 1367004] [NEW] [MIR] python-gnupg
From: Barry Warsaw, 2014-09-08