[Bug 1017978] Re: [MIR] libfcgi, ceph (radosgw)

Wed Feb 10 09:07:07 UTC 2021

This has a comeback in 2021
We see in component mismatches libfcgi-perl -> libfcgi

libfcgi-perl is in main since >=Xenial.
The new version 0.79+ds-2 now depends on libfcgi.

libfcgi itself was in main already based on this MIR bug here - main in
Trusty/Xenial.

It was subscribed by the openstack team as ceph was (back then) the reason to bring it in.
The bug influx on this is very low, it has no Delta and also did not get "worse" since its promotion.

The full chain of the new reason to show up in mismatches is from
mysql-server-8.0 -> libhtml-template-perl -> libcgi-pm-perl -> libcgi-fast-perl -> libfcgi-perl -> libfcgi

That is for a 2008 mysql-8.0 feature:
* Add recommendation on libhtml-template-perl to -server package, used by      
  ndb_size. (closes: #462265)

And the new bit in this chain is in libfcgi-perl
In the new build 0.79+ds-2 that changed

https://launchpad.net/ubuntu/+source/libfcgi-perl/0.79-1build1
Depends: perl (>= 5.32.0-4), perlapi-5.32.0, libc6 (>= 2.28)

https://launchpad.net/ubuntu/+source/libfcgi-perl/0.79+ds-2
Depends: perl, perlapi-5.32.0, libc6 (>= 2.4), libfcgi0ldbl (>= 2.4.2)

This is due to
0.79+ds-1
 21   [ gregor herrmann ]                                                            
 22   * Add repacking framework to get rid of embedded libfcgi files.                
 23     (Closes: #971368)  

And that means we already had those bits&bytes in main - just in an embedded form.
So having it in main "properly" now seems right.

I'll subscribe the server Team for >=Hirsute and Openstack can stay
subscribed for T+X.

We have an approved MIR, we have a dependency that pulls it in, and we
have realized that the code already was in main recently as well.

I'll mark the task (Fix Committed) to reflect this can be promoted
(again) and assign ubuntu-archive to it.

** Changed in: libfcgi (Ubuntu)
       Status: Fix Released => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceph in Ubuntu.
https://bugs.launchpad.net/bugs/1017978

Title:
  [MIR] libfcgi, ceph (radosgw)

Status in ceph package in Ubuntu:
  Fix Released
Status in libfcgi package in Ubuntu:
  Fix Committed
Status in xml2 package in Ubuntu:
  Invalid

Bug description:
  [Availability]
  ceph already in main
  libfcgi in universe

  [Rationale]
  During the 12.04 cycle, ceph was MIR'ed.

  However some parts of the package where disabled to support the late
  nature of the MIR.

  The Ceph RADOS gateway exposes a REST interface to a Ceph RADOS
  cluster. It uses fastcgi, and was currently tested on Apache and
  lighttpd.

  Note that the radosgw binary package would reside in universe -
  libfcgi is required to support building it only.

  [Security]
  CEPH has not had any known CVE's reported against it.
  No CVE's found for libfcgi (Note: different to libfcgi-perl).

  [Quality assurance]
  CEPH testsuite is currently disabled
  libfcgi does not have a test suite.

  [Dependencies]
  All in main

  [Standards compliance]
  Looks OK - libfcgi could do with with some tidy but nothing critical.

  [Maintenance]
  Ceph - active upstream with good distro relations, collab between upstream, Debian and Ubuntu on packaging convergence.
  libfcgi - well maintained in Debian - see note below about upstream concerns.

  [Background information]
  libfcgi does not appear to have had a release since 2003 - however its the only fcgi implementation I can see for C/C++.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1017978/+subscriptions