[Bug 2003083] Re: [MIR] libstring-license-perl

Adrien Nader 2003083 at bugs.launchpad.net
Wed Feb 22 13:34:52 UTC 2023 

NB: libstring-license-perl is very young because it is split off from
licensecheck; instead of referring to the history of this new package, I will
often refer to licensecheck's

[Availability]
- The package libstring-license-perl is already in Ubuntu universe.
- The package libstring-license-perl builds for the architectures it is designed to work on.
- It currently builds and works for architectures: "all"
- Link to package [[https://launchpad.net/ubuntu/+source/libstring-license-perl|libstring-license-perl]]

[Rationale]
- The package libstring-license-perl is split from licesecheck and now a dependency of it
- Quoting upstream:
  + Initial CPAN release (before that part of App::Licensecheck since 2016,
    Debian devscripts since 2007, and KDE SDK since 2000).

- The package libstring-license-perl is required in Ubuntu main in time for
  23.10 since it is now a requirement for licensecheck. The licensecheck
  version that depends on this package (i.e. >= 3.3.5) is already in Debian
  testing.

[Security]
- No relevant CVEs/security issues in this software in the past
  - since this is a new package, I looked into the history of devscripts and
    licensecheck and while they had security issues, these are not related to
    this new package

- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs

[Quality assurance - function/usage]
- The package works well right after install

[Quality assurance - maintenance]
- libstring-license-perl is too recent and looking at licensecheck's history
  is more relevant
- licensecheck itself has no pending critical bug
- there are several bug reports that ask for more/better detection but I think
  it is quite expected that licensecheck cannot handle all situations (this
  part of licensecheck is the one that is being put in libstring-license-perl)
- The package is maintained well in Debian/Ubuntu/Upstream and does
  not have too many, long-term & critical, open bugs
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/licensecheck/+bug
  - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=licensecheck
  - Upstream's bug tracker: I couldn't find one but the project is so
    targetted at Debian than it seems the Debian bug tracker is the
    corresponding location

[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
  it makes the build fail.
- Build log at
  https://launchpadlibrarian.net/647702226/buildlog_ubuntu-lunar-amd64.libstring-license-perl_0.0.2-1ubuntu2_BUILDING.txt.gz
  (look for dh_auto_test)

- The package runs an autopkgtest, and is currently passing on
  all architectures (except i386 but it looks like an external issue and since
      it's perl, it is likely actually passing).
- Test logs at https://autopkgtest.ubuntu.com/packages/libstring-license-perl/lunar/amd64

- The package does have not failing autopkgtests right now

[Quality assurance - packaging]
- debian/watch is present and works

- debian/control defines a correct Maintainer field

- This package does not yield massive lintian Warnings, Errors
- Build log: https://launchpadlibrarian.net/647702226/buildlog_ubuntu-lunar-amd64.libstring-license-perl_0.0.2-1ubuntu2_BUILDING.txt.gz
- Full output from `lintian --pedantic`
   W: libstring-license-perl source: newer-standards-version 4.6.2 (current is 4.6.1.0)
   P: libstring-license-perl source: very-long-line-length-in-source-file 1086 > 512 [debian/copyright_hints:309]
   P: libstring-license-perl source: very-long-line-length-in-source-file 1135 > 512 [t/SPDX/AFL-3.0.txt:43]
   P: libstring-license-perl source: very-long-line-length-in-source-file 1140 > 512 [t/OSI/AFL-3.0:48]
   P: libstring-license-perl source: very-long-line-length-in-source-file ... use "--tag-display-limit 0" to see all (or pipe to a file/program)
- very long lines are due to license texts (including as testsuite inputs)
  which upstream has not control on; the data in debian/copyright_hints might
  have some editing errors though but it remains understandable
- Lintian overrides are present, but OK because false-positives and tracked
  upstream (bug#786450 as stated in debian/source/lintian-overrides

- This package has no python2 or GTK2 dependencies

- The package will not be installed by default

- Packaging and build is easy, full debian/rules below:
    #!/usr/bin/make -f
    %:
      dh $@
    # avoid messing with autotools files in testsuite
    override_dh_update_autotools_config:

[UI standards]
- Application is not end-user facing (does not need translation)

[Dependencies]
- No further depends or recommends dependencies that are not yet in main
  (moreover, all dependencies are current dependencies of licensecheck)

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- Owning Team will be foundations (same as licensecheck)
- Team is already subscribed to the package

- This does not use static builds

- This does not use vendored code

- This package is not rust based

- The package has been built in the archive more recently than the last
  test rebuild

[Background information]
- The Package description explains the package well
- Upstream Name is libstring-license-perl
- Link to upstream project: https://metacpan.org/pod/String::License
- This code has existed in licensecheck for very long; as far as I understand
  it was also duplicated in devscripts and kde scripts and that was likely a
  motivation to extract it as a reusable library

** Changed in: libstring-license-perl (Ubuntu)
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2003083

Title:
  [MIR] libstring-license-perl

Status in libstring-license-perl package in Ubuntu:
  New
Status in licensecheck package in Ubuntu:
  New

Bug description:
  TBD by foundations

  We might want to drop the libfeature-compat-class-perl dependency,
  similarly to bug #2002426 to avoid an additional MIR, for the time
  beeing, until we can make use of the "class" feature from perl-core
  itself.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libstring-license-perl/+bug/2003083/+subscriptions

More information about the foundations-bugs mailing list