[Bug 1790855] Re: [MIR] gpsd

 Christian Ehrhardt  1790855 at bugs.launchpad.net
Tue Oct 23 15:29:25 UTC 2018 

** Description changed:

  FYI: We want to only seed the two binary packages:
  - gpsd
  - libgpsd23
  But none of the others (further bindings, tools, ...)
- They will stay "only" a suggest from Chrony, so the seeding will pull them into Main.
+ They will stay "only" a suggest from Chrony, but we want to add them to the supported seed to reflect their elevated support status.
  
  Availability: GPSD is available since quite a while and builds for all
  architectures
  
  Rationale:
  - The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
  - All users using HW assisted NTP would be glad to have this in main
  - It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
  - in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
  
  Security:
  - there two (fairly old) CVEs aganst GPSD
    => https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
  - since the above nothing came up, the project itself is active and vital IMHO
    => https://www.openhub.net/p/gpsd
  - One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
    => https://usn.ubuntu.com/1820-1/
  
  Quality assurance:
  - After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
  - no debconf on install
  - long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
  => https://bugs.launchpad.net/ubuntu/+source/gpsd
  => https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
  - The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
  - "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
  - a debian/watch file is in place
  
  UI standards:
  - not a UI package
  
  Dependencies:
  - Dependencies are sane (all in main and not deprecated)
    GPSD:
    Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
    Recommends: udev, python
    LIBGPS23
    Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
  - There are a few universe build-depends, but nothing totally outdated IMHO
  
  Standards compliance:
  - meets the FHS
  - follows (an older) standard 3.9.2
  
  Maintenance:
  - so far was mostly a sync, only now we pick up more work on it.
  - DPB confirmed the server team would take over package subscription and maintainership as owning team
  
  Background information:
  Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gpsd in Ubuntu.
https://bugs.launchpad.net/bugs/1790855

Title:
  [MIR] gpsd

Status in gpsd package in Ubuntu:
  Incomplete

Bug description:
  FYI: We want to only seed the two binary packages:
  - gpsd
  - libgpsd23
  But none of the others (further bindings, tools, ...)
  They will stay "only" a suggest from Chrony, but we want to add them to the supported seed to reflect their elevated support status.

  Availability: GPSD is available since quite a while and builds for all
  architectures

  Rationale:
  - The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
  - All users using HW assisted NTP would be glad to have this in main
  - It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
  - in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.

  Security:
  - there two (fairly old) CVEs aganst GPSD
    => https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
  - since the above nothing came up, the project itself is active and vital IMHO
    => https://www.openhub.net/p/gpsd
  - One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
    => https://usn.ubuntu.com/1820-1/

  Quality assurance:
  - After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
  - no debconf on install
  - long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
  => https://bugs.launchpad.net/ubuntu/+source/gpsd
  => https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
  - The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
  - "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
  - a debian/watch file is in place

  UI standards:
  - not a UI package

  Dependencies:
  - Dependencies are sane (all in main and not deprecated)
    GPSD:
    Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
    Recommends: udev, python
    LIBGPS23
    Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
  - There are a few universe build-depends, but nothing totally outdated IMHO

  Standards compliance:
  - meets the FHS
  - follows (an older) standard 3.9.2

  Maintenance:
  - so far was mostly a sync, only now we pick up more work on it.
  - DPB confirmed the server team would take over package subscription and maintainership as owning team

  Background information:
  Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gpsd/+bug/1790855/+subscriptions

More information about the foundations-bugs mailing list