[Bug 1687454] Re: [MIR] nghttp2
ChristianEhrhardt
1687454 at bugs.launchpad.net
Thu Jan 11 06:04:15 UTC 2018
curl portion done since 7.57.0-1ubuntu1 - setting fix released.
** Changed in: curl (Ubuntu)
Assignee: ChristianEhrhardt (paelzer) => LocutusOfBorg (costamagnagianfranco)
** Changed in: curl (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1687454
Title:
[MIR] nghttp2
Status in apache2 package in Ubuntu:
Fix Released
Status in curl package in Ubuntu:
Fix Released
Status in nghttp2 package in Ubuntu:
Fix Released
Bug description:
Availability: src:nghttp2 is in artful/universe and builds binary
packages for all available architectures.
Rationale: In order to enable apache2's support for HTTP/2,
libnghttp2-14 must be in main (libnghttp2-dev is added as a b-d for
src:apache2, but it can remain in universe). The other binary packages
produced by src:nghttp2 should remain in universe. While upstream
Apache still describes mod_http2 as 'experimental'
(https://httpd.apache.org/docs/2.4/mod/mod_http2.html), we presumably
want to enable it by 18.04. It makes sense to process this MIR now so
that we can work through issues with HTTP/2 support during the 17.10
cycle.
Rationale update: Upstream Apache has indicated 2.4.26 will 'unmark'
mod_http2 has 'experimental':
https://httpd.apache.org/docs/2.4/howto/http2.html#comments_section
Rationale update v2: The public page referred above already has
removed the note and marked http2 as an "extension".
Quality assurance:
The only package needed at runtime to be in main is libnghttp2-14 (current ABI) itself. As this is only a library, there is no configuration required after installation.
No debconf questions are asked by default during the installation of libnghttp2-14.
There are no long-term outstanding bugs against libnghttp2.
Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/nghttp2
- There is one automated (it seems) report of a security issue with the 16.04 version. I have not yet confirmed if it was/is present in the latest versions.
+ I received a forward offlist between the bug reporter and upstream developer. This particular issue is in example code which documents potential usage, but is not part of the shipped library itself.
Debian bugs: https://bugs.debian.org/cgi-bin/pkgreport.cgi?dist=unstable;src=nghttp2
- Two bugs, neither of which are serious.
Upstream issue tracker: https://github.com/nghttp2/nghttp2/issues
- There are currently 175 open issues for the upstream project.
- It is not yet clear how many of these issues are in the core library vs. the binary tools built by the upstream project.
The package seems to be well-maintained in Debian.
The package does not interact with exotic hardware (or hardware at all).
Based upon the latest build logs, some tests are run, but not all. I will investigate if all tests can be run during the build.
The package's debian/watch file is current.
UI standards: N/A, as the library is not a user-facing application.
Dependencies: The only binary dependency of libngttp2-14 is libc6
which is in main.
Standards compliance: The package meets the FHS and Debian Policy
standards.
Maintenance: I have subscribed Ubuntu Server to the nghttp2 source
package as the "owning" team.
Background information:
There are significant improvements associate with HTTP/2. It was
deferred in 16.04 because it was considered 'too new' at the time.
While Apache still describes the mod as 'experimental' it feels like
18.04 must ship the module in order to promote/support its adoption
during the 5-year support cycle for that LTS release.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1687454/+subscriptions
More information about the foundations-bugs
mailing list