[Bug 1862773] Re: [MIR] python-tabulate (dependency of cinder)

James Page james.page at ubuntu.com
Wed Feb 12 10:34:05 UTC 2020


** Description changed:

- [MIR] python-tabulate (dependency of cinder)
+ [Availability]
+ In universe
+ 
+ [Rationale]
+ Taken from the upstream commit that makes this change:
+ 
+ PrettyTable is no longer maintained and the last release was in 2013.
+ There are starting to be deprecation warnings emitted with newer Python
+ releases.
+ 
+ Various attempts to revive a fork haven't gained much traction. A common
+ recommendation is to move away from PrettyTable to tabulate. This
+ switches our usage to a close equivalent using that library instead.
+ 
+ [Security]
+ No security history
+ 
+ https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tabulate
+ 
+ 
+ [Quality assurance]
+ Package has unit tests which are run as part of the package build.
+ 
+ [Dependencies]
+ All in main
+ 
+ [Standards compliance]
+ OK-ish - simple package but not updated to latest Standards-Version
+ 
+ [Maintenance]
+ Not that well maintained in Debian - last update was an NMU in October 2019 to remove Py2 support.  More recent updates in Ubuntu to bump version and execute unit tests as part of package builld.
+ 
+ [Background information]
+ tabulate provides similar function to prettytable - however not all openstack projects have made the switch and there are other reverse-depends in main for python3-prettytable:
+ 
+ $ reverse-depends -c main python3-prettytable
+ Reverse-Depends
+ * ceph-common [amd64 arm64 armhf ppc64el s390x]
+ * python3-automaton
+ * python3-blazarclient
+ * python3-ceilometerclient
+ * python3-cinder
+ * python3-cinderclient
+ * python3-cliff
+ * python3-futurist
+ * python3-glance
+ * python3-glanceclient
+ * python3-heatclient
+ * python3-magnumclient
+ * python3-manilaclient
+ * python3-monascaclient
+ * python3-nova
+ * python3-novaclient
+ * python3-oslo.upgradecheck
+ * python3-osprofiler
+ * python3-seamicroclient
+ * python3-senlinclient
+ * python3-troveclient
+ 
+ That said it formats output for python applications so would be
+ considered fairly low risk from a security perspective so having two
+ similar pkgs in main but be more palatable.

** Changed in: python-tabulate (Ubuntu)
       Status: Incomplete => New

** Changed in: python-tabulate (Ubuntu)
     Assignee: Ubuntu OpenStack (ubuntu-openstack) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is a bug assignee.
https://bugs.launchpad.net/bugs/1862773

Title:
  [MIR] python-tabulate (dependency of cinder)

Status in python-tabulate package in Ubuntu:
  New

Bug description:
  [Availability]
  In universe

  [Rationale]
  Taken from the upstream commit that makes this change:

  PrettyTable is no longer maintained and the last release was in 2013.
  There are starting to be deprecation warnings emitted with newer Python
  releases.

  Various attempts to revive a fork haven't gained much traction. A common
  recommendation is to move away from PrettyTable to tabulate. This
  switches our usage to a close equivalent using that library instead.

  [Security]
  No security history

  https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tabulate

  
  [Quality assurance]
  Package has unit tests which are run as part of the package build.

  [Dependencies]
  All in main

  [Standards compliance]
  OK-ish - simple package but not updated to latest Standards-Version

  [Maintenance]
  Not that well maintained in Debian - last update was an NMU in October 2019 to remove Py2 support.  More recent updates in Ubuntu to bump version and execute unit tests as part of package build.

  [Background information]
  tabulate provides similar function to prettytable - however not all openstack projects have made the switch and there are other reverse-depends in main for python3-prettytable:

  $ reverse-depends -c main python3-prettytable
  Reverse-Depends
  * ceph-common [amd64 arm64 armhf ppc64el s390x]
  * python3-automaton
  * python3-blazarclient
  * python3-ceilometerclient
  * python3-cinder
  * python3-cinderclient
  * python3-cliff
  * python3-futurist
  * python3-glance
  * python3-glanceclient
  * python3-heatclient
  * python3-magnumclient
  * python3-manilaclient
  * python3-monascaclient
  * python3-nova
  * python3-novaclient
  * python3-oslo.upgradecheck
  * python3-osprofiler
  * python3-seamicroclient
  * python3-senlinclient
  * python3-troveclient

  That said it formats output for python applications so would be
  considered fairly low risk from a security perspective so having two
  similar pkgs in main but be more palatable.
