[Bug 1930111] Re: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile

James Page 1930111 at bugs.launchpad.net
Thu Mar 17 15:05:35 UTC 2022 

Assigning back to ubuntu-security for final review.

** Changed in: python-cheroot (Ubuntu)
     Assignee: James Page (james-page) => (unassigned)

** Changed in: python-cheroot (Ubuntu)
     Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security)

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to jaraco.collections in Ubuntu.
https://bugs.launchpad.net/bugs/1930111

Title:
  [MIR] new dependencies of cherrypy3: jaraco.collections,
  jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools,
  python-tempora, python-portend, zc.lockfile

Status in cherrypy3 package in Ubuntu:
  In Progress
Status in jaraco.classes package in Ubuntu:
  Fix Released
Status in jaraco.collections package in Ubuntu:
  Fix Released
Status in jaraco.text package in Ubuntu:
  Fix Released
Status in python-cheroot package in Ubuntu:
  New
Status in python-jaraco.functools package in Ubuntu:
  Fix Released
Status in python-portend package in Ubuntu:
  Fix Released
Status in python-tempora package in Ubuntu:
  Fix Released
Status in zc.lockfile package in Ubuntu:
  Fix Released

Bug description:
  [Availability]
  All packages are already in universe, and in sync with Debian.
  They are all architecture independent.
  jaraco.classes, jaraco.collections is new to Debian & Ubuntu (currently only in experimental), and portend and jaraco.functools are relatively new, since 2019
  cheroot and zc.lockfile have been in Debian & Ubuntu for many years.

  [Rationale]
  Dependencies of the new cherrypy3 18.6.0-1 release.

  [Security]
  No security issues ever reported for any of these libraries.

  [Quality assurance]
  All the packages are simple Python libraries, no configuration or debconf questions.
  No open bugs in Debian or Ubuntu.
  jaraco.classes, jaraco.collections, jaraco.functools, jaraco.text, portend, tempora, and zc.lockfiles's test suites are run at build time.
  cheroot's test suite is not run at build time, due to missing dependencies in the archive (jaraco.context).
  No significant lintian issues, although jaraco.functools, portend, tempora and zc.lockfile could fix some obvious trivial issues.

  [Dependencies]
  This issue is for a set of dependencies for cherrypy3

  [Standards compliance]
  Packages are simple python libraries, installed to the correct locations, and lintian clean (except old standards versions, compats, etc.)

  [Maintenance]
  All packages seem relatively well maintained upstream, and are a few years old at this point.
  jaraco.classes, jaraco.collections, jaraco.functools, ported, and tempora have 0 open issues and pull requests, upstream.
  chreroot has tens of open issues and pull requests, but the project hasn't stagnated, it just seems to be being actively developed.
  zc.lockfile has seen no commits since 2019, but doesn't have issues and PRs piling up.

  [Background information]

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cherrypy3/+bug/1930111/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list