[Bug 2051916] Re: [MIR] promote libtraceevent as a trace-cmd dependency

Tue Apr 2 15:23:17 UTC 2024

Hey everyone and Paul. First, sorry for the delayed answered (I was
thinking you would get me reassign and for some reason, I missed
subscribing to the bug)

> But I do not really understand the harm of having these entries kept
for documentation, except this could pile up and become a mess at some
point. Do we have a policy regarding the removal of these entries (count
of version, age)?

There is no strict policy, I understand the historical part of having it
for documenting. I suggest to keep it for some release, but if this is
doable, cleanup after a while. It’s not something we want to keep
hanging around forever. I see that you want to remove them in a future
upload, good!

All the required TODOs are now fullfilled, thanks for working on those!
I’m thus happy to MIR ack this package now!

** Changed in: libtraceevent (Ubuntu)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libtraceevent in Ubuntu.
https://bugs.launchpad.net/bugs/2051916

Title:
  [MIR] promote libtraceevent as a trace-cmd dependency

Status in libtraceevent package in Ubuntu:
  Fix Committed

Bug description:
  A previous MIR bug was open back in March 2023 (see LP: #2009715)

  [Availability]
  The package libtraceevent is already in Ubuntu universe.
  The package libtraceevent build for the architectures it is designed to work on.
  It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x
  Link to package https://launchpad.net/ubuntu/+source/libtraceevent

  [Rationale]
  - The package libtraceevent is a runtime dependency of trace-cmd (MIR bug: LP: #2051850)
  - The package libtraceevent is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS).

  [Security]
  - Nothing was found in the CVE database https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libtraceevent
  - Also nothing was found in the OSS security mailing list archive.
  - No CVE in the Ubuntu security tracker https://ubuntu.com/security/cves?package=libtraceevent
  - Nor in the Debian security tracker https://security-tracker.debian.org/tracker/source-package/libtraceevent
  - No executables in `/sbin` and `/usr/sbin`
  - Package does not install services, timers or recurring jobs
  - Packages does not open privileged ports (ports < 1024)
  - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...)

  [Quality assurance - function/usage]
  - The package works well right after install. This is a lib only used by trace-cmd and kernelshark (GUI for trace-cmd).

  [Quality assurance - maintenance]
  - The package is maintained well in Debian/Ubuntu/Upstream and does not have too many, long-term & critical, open bugs
    - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libtraceevent/+bug
    - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libtraceevent
  - The package does not deal with exotic hardware we cannot support

  [Quality assurance - testing]
  - The package runs the upstream tests during build time.
  - The package runs an autopkgtest, but it is a "superficial" one. It is currently passing on amd64, arm64, armhf, ppc64el, s390x:
   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/libt/libtraceevent/20240115_221359_8442e@/log.gz
   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/libt/libtraceevent/20240115_113513_e76ab@/log.gz
   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/armhf/libt/libtraceevent/20240115_113122_474d5@/log.gz
   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/libt/libtraceevent/20240115_113712_351bb@/log.gz
   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/libt/libtraceevent/20240115_114524_e76ab@/log.gz

  [Quality assurance - packaging]
  - debian/watch is present and works
  - debian/control defines a correct Maintainer field
  - This package does not yield massive lintian Warnings, Errors
  - One lintian override was recently added for libtraceevent1-plugin. As explained by sudipmukh this is a legitimate one.
  - This package does not rely on obsolete or about to be demoted packages.
  - The package will be installed by default, but does not ask debconf questions
  - Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/libtraceevent/tree/debian/rules

  [UI standards]
  - Application is not end-user facing (does not need translation)

  [Dependencies]
  - No further depends or recommends dependencies that are not yet in main

  [Standards compliance]
  - This package correctly follows FHS and Debian Policy

  [Maintenance/Owner]
  - The owning team will be Foundations and I have their acknowledgement for that commitment
  - The future owning team is not yet subscribed, but will subscribe to the package before promotion
  - This does not use static builds
  - This does not use vendored code
  - This package has been built recently https://launchpad.net/ubuntu/+source/libtraceevent/1:1.8.2-1/+build/27644653
  - A static libtraceevent.a library is being built and shipped in libtraceevent-dev

  [Background information]
  The Package description explains the package well.
  Upstream Name is libtraceevent
  Link to upstream project: https://git.kernel.org/pub/scm/libs/libtrace/libtraceevent.git

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libtraceevent/+bug/2051916/+subscriptions