[Bug 1862773] Re: [MIR] python-tabulate (dependency of cinder)
James Page
james.page at ubuntu.com
Wed Feb 12 10:34:05 UTC 2020
** Description changed:
- [MIR] python-tabulate (dependency of cinder)
+ [Availability]
+ In universe
+
+ [Rationale]
+ Taken from the upstream commit that makes this change:
+
+ PrettyTable is no longer maintained and the last release was in 2013.
+ There are starting to be deprecation warnings emitted with newer Python
+ releases.
+
+ Various attempts to revive a fork haven't gained much traction. A common
+ recommendation is to move away from PrettyTable to tabulate. This
+ switches our usage to a close equivalent using that library instead.
+
+ [Security]
+ No security history
+
+ https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tabulate
+
+
+ [Quality assurance]
+ Package has unit tests which are run as part of the package build.
+
+ [Dependencies]
+ All in main
+
+ [Standards compliance]
+ OK-ish - simple package but not updated to latest Standards-Version
+
+ [Maintenance]
+ Not that well maintained in Debian - last update was an NMU in October 2019 to remove Py2 support. More recent updates in Ubuntu to bump version and execute unit tests as part of package builld.
+
+ [Background information]
+ tabulate provides similar function to prettytable - however not all openstack projects have made the switch and there are other reverse-depends in main for python3-prettytable:
+
+ $ reverse-depends -c main python3-prettytable
+ Reverse-Depends
+ * ceph-common [amd64 arm64 armhf ppc64el s390x]
+ * python3-automaton
+ * python3-blazarclient
+ * python3-ceilometerclient
+ * python3-cinder
+ * python3-cinderclient
+ * python3-cliff
+ * python3-futurist
+ * python3-glance
+ * python3-glanceclient
+ * python3-heatclient
+ * python3-magnumclient
+ * python3-manilaclient
+ * python3-monascaclient
+ * python3-nova
+ * python3-novaclient
+ * python3-oslo.upgradecheck
+ * python3-osprofiler
+ * python3-seamicroclient
+ * python3-senlinclient
+ * python3-troveclient
+
+ That said it formats output for python applications so would be
+ considered fairly low risk from a security perspective so having two
+ similar pkgs in main but be more palatable.
** Changed in: python-tabulate (Ubuntu)
Status: Incomplete => New
** Changed in: python-tabulate (Ubuntu)
Assignee: Ubuntu OpenStack (ubuntu-openstack) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is a bug assignee.
https://bugs.launchpad.net/bugs/1862773
Title:
[MIR] python-tabulate (dependency of cinder)
Status in python-tabulate package in Ubuntu:
New
Bug description:
[Availability]
In universe
[Rationale]
Taken from the upstream commit that makes this change:
PrettyTable is no longer maintained and the last release was in 2013.
There are starting to be deprecation warnings emitted with newer Python
releases.
Various attempts to revive a fork haven't gained much traction. A common
recommendation is to move away from PrettyTable to tabulate. This
switches our usage to a close equivalent using that library instead.
[Security]
No security history
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tabulate
[Quality assurance]
Package has unit tests which are run as part of the package build.
[Dependencies]
All in main
[Standards compliance]
OK-ish - simple package but not updated to latest Standards-Version
[Maintenance]
Not that well maintained in Debian - last update was an NMU in October 2019 to remove Py2 support. More recent updates in Ubuntu to bump version and execute unit tests as part of package builld.
[Background information]
tabulate provides similar function to prettytable - however not all openstack projects have made the switch and there are other reverse-depends in main for python3-prettytable:
$ reverse-depends -c main python3-prettytable
Reverse-Depends
* ceph-common [amd64 arm64 armhf ppc64el s390x]
* python3-automaton
* python3-blazarclient
* python3-ceilometerclient
* python3-cinder
* python3-cinderclient
* python3-cliff
* python3-futurist
* python3-glance
* python3-glanceclient
* python3-heatclient
* python3-magnumclient
* python3-manilaclient
* python3-monascaclient
* python3-nova
* python3-novaclient
* python3-oslo.upgradecheck
* python3-osprofiler
* python3-seamicroclient
* python3-senlinclient
* python3-troveclient
That said it formats output for python applications so would be
considered fairly low risk from a security perspective so having two
similar pkgs in main but be more palatable.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-tabulate/+bug/1862773/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list