[MIR] pv
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
pv (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Availability]
Available in universe, built on all architectures.
[Rationale]
pv shows progress reports for data passing through a pipeline. It has recently become a requirement for GKE and thus needs to be in main.
[Security]
It only passes data from stdin to stdout and writes progress on stderr, so should not be problematic. There do not seem to be any CVEs
[Quality assurance]
Upstream has a test suite run at build. There do not seem to be any important bugs. It just works after installing.
[Dependencies]
Nothing special, just debhelper for build and Depends: libc6 (>= 2.15).
[Standards compliance]
[Maintenance]
foundations-bugs is subscribed now. The package is relatively small, and should not be a huge burden, we can probably keep it synced.
[Background information]
description: | updated |
description: | updated |
description: | updated |
summary: |
- [DRAFT] [MIR] pv + [MIR] pv |
tags: | added: id-5a382bce76f6b2c4a57705a0 |
Changed in pv (Ubuntu): | |
status: | Fix Committed → Fix Released |
pv is small and straightforward. Its own unit tests are run as part of the build, and has a bug subscriber. However, it does appear to use IPC. I've reviewed as much of it as I could and it looks like the code is prudent, taking extra steps to check for errors, etc. Still, I think it would be better if the IPC bits were reviewed by the Security Team.