[Bug 1638957] Re: [MIR] http-parser, dependency of sssd

Andreas Hasenack andreas at canonical.com
Thu Mar 8 14:33:53 UTC 2018

** Description changed:

  Package is in universe since trusty:
  $ rmadison http-parser
   http-parser | 2.1-2   | trusty/universe | source
   http-parser | 2.1-2   | xenial/universe | source
   http-parser | 2.1-2   | artful/universe | source
   http-parser | 2.7.1-2 | bionic/universe | source
  Upstream: https://github.com/nodejs/http-parser
  sssd uses http-parser in its sssd-secrets service [https://docs.pagure.org/SSSD.sssd/design_pages/secrets_service.html], which has a REST API over a unix socket.
  The Debian sssd package has the secrets service enabled, and disabling
  it in the Ubuntu package is part of the delta we carry.
  The secrets service can be used as a generic key/value database for
  secrets, and one of its users is a kerberos KDC via KCM (Kerberos Cache
  Manager), implemented by sssd-kcm.
  sssd-secrets is unix socket activated and won't be running until there
  is a connection to that socket.
  The goal of this MIR is then twofold:
  a) drop a delta we have with regards to debian
  b) provide the sssd-secrets service for Ubuntu users
  ubuntu-security review in comment https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1638957/comments/9
  There are still no CVEs for http-parser or libhttp-parser.
  [Quality assurance]
+  * After installing the package it must be possible to make it working with a reasonable effort of configuration and documentation reading.
+ It's a library and it installs without further configuration.
+  * The package must not ask debconf questions higher than medium if it is going to be installed by default. The debconf questions must have reasonable defaults.
+ There are no debconf questions needed.
+  * There are no long-term outstanding bugs which affect the usability of the program to a major degree. To support a package, we must be reasonably convinced that upstream supports and cares for the package.
+ There are 3 ubuntu open bugs, of which this is one, and no closed bugs. These are the other 2 bugs:
+ bug #1677865: missing dep8 tests
+ bug #1733554: disable a failing test, caused by new http-parser
+ That last bug is a bit scarce on details.
+ There are no open debian bug reports.
  Reverse Depends:
-   libhttp-parser-dev
-   tcpflow-nox
-   tcpflow
-   tang-nagios
-   tang
-   ruby-http-parser.rb
-   purple-matrix
-   ocserv
-   jabberd2
-   libgit2-26
+   libhttp-parser-dev
+   tcpflow-nox
+   tcpflow
+   tang-nagios
+   tang
+   ruby-http-parser.rb
+   purple-matrix
+   ocserv
+   jabberd2
+   libgit2-26
  [Standards compliance]
  [Background information]

You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.

  [MIR] http-parser, dependency of sssd

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list