[Bug 1543641] Re: [MIR] python-sqlalchemy-utils

James Page 1543641 at bugs.launchpad.net
Mon Jul 27 05:58:40 UTC 2020


[Summary]
SQLAlchemy-Utils extends SQLAlchemy with various new data types and helpers.

The new data types include JSON and Encrypted types.

SQLAlchemy provides an Object-Relation Mapping Python library.

This does need a security review, so assigning ubuntu-security.

MIR team approval for inclusion in main (pending security review).

Actions:
  python3-intervals required for latest package build - ubuntu-archive
  Update to latest point release (0.36.8) - ubuntu-openstack
  Submit packaging changes back to Debian - ubuntu-openstack

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
 - no other Dependencies to MIR due to this
 - no -dev/-debug/-doc packages that need exclusion

TODO: Problems:

[Embedded sources and static linking]
OK:
 - no embedded source present
 - no static linking

TODO: Problems:

[Security]
OK:
 - history of CVEs does not look concerning
   No history of CVEs
   
 - does not run a daemon as root
 - does not use webkit1,2
 - does not use lib*v8 directly
 - does not parse data formats
   Lots of data format handling including encryption -
   passing to security team for review.
   
 - does not open a port
 - does not process arbitrary web content
 - does not use centralized online accounts
 - does not integrate arbitrary javascript into the desktop
 - does not deal with system authentication (e.g. pam, etc.)

[Common blockers]
OK:
 - does not FTBFS currently
   Current upload in Ubuntu blocked due to missing BD (python3-intervals).
   Checking the source this is a build time only requirement and the
   package is in the NEW queue for archive-admin review.

 - does have a test suite that runs at build time
   - test suite failures will fail the build upon error.
   No - package tests are run as autopkgtest due to the requirement
   for MySQL and PostgreSQL databases for testing.
   
 - does have a test suite that runs as autopkgtest
   Yes - the latest upload has autopkgtests.
    
 - The package has a team bug subscriber
   ubuntu-openstack
   
 - no translation present, but none needed for this case.
 - no new python2 dependency
 - Python package that is using dh_python

[Packaging red flags]
OK:
 - Ubuntu does carry a delta, but it is reasonable and maintenance under control
   Recent delta to add autopkgtests - this should be submitted back
   to Debian for consideration for inclusion by the Debian
   package maintainer.
    
 - symbols tracking not applicable for this kind of code.
 - d/watch is present and looks ok
 - Upstream update history is good
 - Debian/Ubuntu update history is good
 - the current release is packaged
   No - it's a couple of point releases behind (0.36.8)
   This is not a blocker for main inclusion as Ubuntu is
   the same major version.
   
 - promoting this does not seem to cause issues for MOTUs that so far
   maintained the package
 - no massive Lintian warnings
 - d/rules is rather clean
 - not using Built-Using

Recommendations:
  Update to latest point release (0.36.8)
  Submit packaging changes back to Debian.

[Upstream red flags]
OK:
 - no Errors/warnings during the build
 - no incautious use of malloc/sprintf (as far as I can check it)
 - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
 - no use of user nobody
 - no use of setuid
 - no important open bugs (crashers, etc) in Debian or Ubuntu
 - no dependency on webkit, qtwebkit, seed or libgoa-*
 - no embedded source copies
 - not part of the UI for extra checks

** Changed in: python-sqlalchemy-utils (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

-- 
https://bugs.launchpad.net/bugs/1543641

Title:
  [MIR] python-sqlalchemy-utils

Status in python-sqlalchemy-utils package in Ubuntu:
  New

Bug description:
  [MIR] python-sqlalchemy-utils

  [Availability]
  Currently in universe.

  [Rationale]
  python-sqlalchemy-utils is a dependency of python-taskflow which is a dependency of several OpenStack packages.

  [Security]
  No security history.

  [Quality Assurance]
  Package works out of the box with no prompting. There are no major bugs in Ubuntu and there are no major bugs in Debian. Unit tests are run during build.

  [Dependencies]
  All are in main.

  [Standards Compliance]
  FHS and Debian Policy compliant.

  [Maintenance]
  Simple Python package that the OpenStack Team will take care of.

  [Background]
  This package provides various utility functions, new data types and helpers for SQLAlchemy.
