[Bug 1794091] Re: [MIR] ruby-xmlrpc
Christian Ehrhardt
1794091 at bugs.launchpad.net
Wed Sep 26 05:21:35 UTC 2018
** Description changed:
+ 1. Availability:
+ The package is already in the Ubuntu universe, and builds for amd64
+ (arch=all package), see [1].
+
+ 2. Rationale:
+ This formerly was part of the ruby<version> [2] packages which are in main. There is a userbase relying on it, but due to this part of it now separated into an extra package we have to MIR it.
+
+ 3. Security:
+ This is a bit of a special case, as it was part of a Main package before, just now being separated I think we don't need an extra security check again.
+
+ But while not needing a new review a short 'ack' to that assumption by
+ the security team should be requested. Given that the list [2] is not
+ short.
+
+ 4. Quality assurance:
+ The package is a lib, so it is not usable on its own but dragged in via dependencies as needed and just as usable as it was prior the de-bundling.
+
+ The package has no huge list of long standing bugs [4][5] and lintian
+ --pedantic is kind of happy with it as well.
+
+ Build time tests are existing and run [6]
+ 48 tests, 242 assertions, 0 failures, 0 errors, 0 pendings, 0 omissions, 0 notifications
+
+ Also there are no outdated dependencies present.
+
+ 5. UI standards:
+ This has no UI facing tools on it'S own, so this section is n/a
+
+ 6. Dependencies:
+ This will be a leaf package
+ It will be pulled in main by ruby2.5 -> libruby -> ruby-xmlrpc
+
+ 7. Standards compliance:
+ The package should meet the [[http://www.pathname.com/fhs/|FHS]] and [[http://www.debian.org/doc/debian-policy/|Debian Policy]] standards. Major violations should be documented and justified. Also, the source packaging should be reasonably easy to understand and maintain.
+
+ 8. Maintenance:
+ The server team will subscribe to this as it is for ruby2.5 which this was separated from.
+
+ OTOH it is a very simple package and reasonably maintained in Debian, so
+ hopefully we can just sync it from Debian most of the time.
+
+ 9. Background information:
+ As mentioned multiple times, this is only making up for a split of some bits of src:ruby2.5 into this src:ruby-xmlrpc - it has its own GH page [7] if your want to check the project.
+
+ [1]: https://launchpad.net/ubuntu/+source/ruby-xmlrpc/0.3.0-2
+ [2]: https://launchpad.net/ubuntu/+source/ruby2.5
+ [3]: https://www.cvedetails.com/product/12215/Ruby-lang-Ruby.html?vendor_id=7252
+ [4]: https://bugs.launchpad.net/ubuntu/+source/ruby2.5
+ [5]: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=ruby2.5
+ [6]: https://launchpadlibrarian.net/379621157/buildlog_ubuntu-cosmic-amd64.ruby-xmlrpc_0.3.0-2_BUILDING.txt.gz
+ [7]: https://github.com/ruby/xmlrpc
+
+
+ ---
+
ruby-xmlrpc 0.3.0 is a bundled_gem part of the libruby2.5 ABI, whilst
previously missing it is available now as a stand alone package which
ruby2.5 depends on.
please promote to main.
maintained and embeded by ruby interpreter upstream themselves, similar
to other bundled gems i.e. ruby-openssl.
** Changed in: ruby-xmlrpc (Ubuntu)
Assignee: Ubuntu Server (ubuntu-server) => Ubuntu Security Team (ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1794091
Title:
[MIR] ruby-xmlrpc
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby-xmlrpc/+bug/1794091/+subscriptions
More information about the ubuntu-archive
mailing list