[Bug 2089244] Re: [MIR] python-legacy-cgi
James Page
2089244 at bugs.launchpad.net
Tue Jan 7 14:29:54 UTC 2025
** Tags added: open-2730
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-legacy-cgi in Ubuntu.
https://bugs.launchpad.net/bugs/2089244
Title:
[MIR] python-legacy-cgi
Status in python-legacy-cgi package in Ubuntu:
New
Bug description:
[Availability]
The package python-legacy-cgi is already in Ubuntu universe.
The package build for the architectures it is designed to work on.
It currently builds and works for architectures: all
Link to package https://launchpad.net/ubuntu/+source/python-legacy-cgi
Upstream project: https://pypi.org/project/legacy-cgi/
[Rationale]
- The package python-legacy-cgi is a new runtime dependency of package python-webob that
we already support
- The package provides the 'cgi' module that was part of the Python stdlib prior to Python 3.13
- The long term approach should be to re-write libraries and apps to not use CGI, moving
to alternative WSGI based frameworks - this package buys some time for upstream projects to
complete this work - webob looks like it will transition for the 2.x release.
[Security]
As this module was part of the core Python stdlib searched for python + cgi instead:
- No CVEs/security issues in this software in the past
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python+cgi
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/python-legacy-cgi/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-legacy-cgi
- Upstream's bug tracker, e.g., GitHub Issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log TBD
- The package runs an autopkgtest, and is currently passing on
this !i386 list of architectures, link to test logs
https://autopkgtest.ubuntu.com/packages/python-legacy-cgi/plucky/amd64
- The package does have not failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package:
https://launchpad.net/ubuntu/+source/python-legacy-cgi/2.6.1-2/+build/29268376
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to debian/rules:
https://git.launchpad.net/ubuntu/+source/python-legacy-cgi/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be ubuntu-openstack and I have their acknowledgement for
that commitment
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built within the last 3 months in the archive
- Build link on launchpad: https://launchpad.net/ubuntu/+source/python-legacy-cgi/2.6.1-2/+build/29268376
[Background information]
This package is a fork of the cgi and cgitb modules that formed part of the stdlib until Python 3.13.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-legacy-cgi/+bug/2089244/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list