[Bug 1820842] Re: [MIR] python-os-resource-classes

Christian Ehrhardt  1820842 at bugs.launchpad.net
Thu Apr 4 12:36:25 UTC 2019


[Duplication]
This is split from nova with OpenStack Stein.
It might appear to be a duplicate, as older nova versions have the same classes, but it actually moved.

[Embedded sources and static linking]
No embedded sources.
No golang to consider.

[Security]
- I can confirm no CVE history (nova had CVEs but never was the code split here touched by it)
- runs no root daemon
- no webkit usage
- no libv*8 usage
- it does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate javascript into the desktop
- does not deal with system authentication (eg, pam, etc)
- does not parse data formats

[Common blockers]
- currently builds fine
- bug subscriber is already set
- uses dh_python
- does not add new python2 depends (it is itself py3 only)
- no translations, but this is a back end lib (admins, not end users)
- runs a testsuite on build

[Packaging red flags]
- this is not packaged in Debian, so the questions about Delta do not apply atm
- no .so library, therefore no .symbols tracking
- does have a watch file
- the old package (nova) was ok, we expect no different from this package
- the current release (matching Stein) is packaged
- maintainers are the openstack team which have no problem for uploading after promotion
- d/rules is small and clean
- no built-using flags
- no golang to consider
- no Massive Lintian issues (only watch gpg check, out of date standards, no dep8)

[Upstream red flags]
- no important errors/warnings during build
- no malloc/sprintf (python)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no Important bugs in Debian (it isn't in Debian), Ubuntu (only the MIR) or Upstream
- no Dependency on webkit, qtwebkit, seed or libgoa-*
- no Embedded source copies
- not part of (Unity) Dash

[Summary]
As outlined, not only does it seem safe and the code is small and clean, but it also was formerly in main already as part of nova.
Therefore we don't need a new security review and can ack this package for the MIR process.


** Changed in: python-os-resource-classes (Ubuntu)
     Assignee: Christian Ehrhardt  (paelzer) => (unassigned)

** Changed in: python-os-resource-classes (Ubuntu)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-os-resource-classes in Ubuntu.
https://bugs.launchpad.net/bugs/1820842

Title:
  [MIR] python-os-resource-classes

Status in python-os-resource-classes package in Ubuntu:
  In Progress

Bug description:
  [Availability]
  In universe

  [Rationale]
  New dependency for nova and placement projects.

  [Security]
  No security history

  [Quality assurance]
  Package builds, unit tests.

  [Dependencies]
  All in main.

  [Standards compliance]
  OK

  [Maintenance]
  ubuntu-openstack

  [Background information]
  Basically a split out of nova resource concepts for use in nova and the new generic placement service for resource scheduling.
