[Bug 1930111] Re: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile
James Page
1930111 at bugs.launchpad.net
Wed Jun 9 08:38:56 UTC 2021
- Previous message (by thread): [Bug 1930111] Re: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile
- Next message (by thread): [Bug 1930111] Re: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
zc.lockfile:
[Summary]
Fairly simple python package to support IPC locks under Python3
+1 from MIR team for promotion to main.
[Duplication]
OK:
- There are similar packages in main but this is a fairly trivial python
module so no issue with some level of duplication.
[Dependencies]
OK:
- All covered on this MIR bug.
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=zc.lockfile)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python
- test suite present and executed as part of package build
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is packaged.
- promoting this does not seem to cause issues for MOTUs that so far
maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks
** Changed in: zc.lockfile (Ubuntu)
Status: New => Fix Committed
** Changed in: zc.lockfile (Ubuntu)
Assignee: James Page (james-page) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to jaraco.classes in Ubuntu.
https://bugs.launchpad.net/bugs/1930111
Title:
[MIR] new dependencies of cherrypy3: jaraco.collections,
jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools,
python-tempora, python-portend, zc.lockfile
Status in jaraco.classes package in Ubuntu:
Fix Committed
Status in jaraco.collections package in Ubuntu:
Fix Committed
Status in jaraco.text package in Ubuntu:
Fix Committed
Status in python-cheroot package in Ubuntu:
Incomplete
Status in python-jaraco.functools package in Ubuntu:
Fix Committed
Status in python-portend package in Ubuntu:
Fix Committed
Status in python-tempora package in Ubuntu:
Fix Committed
Status in zc.lockfile package in Ubuntu:
Fix Committed
Bug description:
[Availability]
All packages are already in universe, and in sync with Debian.
They are all architecture independent.
jaraco.classes, jaraco.collections is new to Debian & Ubuntu (currently only in experimental), and portend and jaraco.functools are relatively new, since 2019
cheroot and zc.lockfile have been in Debian & Ubuntu for many years.
[Rationale]
Dependencies of the new cherrypy3 18.6.0-1 release.
[Security]
No security issues ever reported for any of these libraries.
[Quality assurance]
All the packages are simple Python libraries, no configuration or debconf questions.
No open bugs in Debian or Ubuntu.
jaraco.classes, jaraco.collections, jaraco.functools, jaraco.text, portend, tempora, and zc.lockfiles's test suites are run at build time.
cheroot's test suite is not run at build time, due to missing dependencies in the archive (jaraco.context).
No significant lintian issues, although jaraco.functools, portend, tempora and zc.lockfile could fix some obvious trivial issues.
[Dependencies]
This issue is for a set of dependencies for cherrypy3
[Standards compliance]
Packages are simple python libraries, installed to the correct locations, and lintian clean (except old standards versions, compats, etc.)
[Maintenance]
All packages seem relatively well maintained upstream, and are a few years old at this point.
jaraco.classes, jaraco.collections, jaraco.functools, ported, and tempora have 0 open issues and pull requests, upstream.
chreroot has tens of open issues and pull requests, but the project hasn't stagnated, it just seems to be being actively developed.
zc.lockfile has seen no commits since 2019, but doesn't have issues and PRs piling up.
[Background information]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/jaraco.classes/+bug/1930111/+subscriptions
- Previous message (by thread): [Bug 1930111] Re: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile
- Next message (by thread): [Bug 1930111] Re: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Ubuntu-openstack-bugs
mailing list