[MIR] fonts-smc-gayathri
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fonts-smc-gayathri (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
* Availability
Currently version builds fine and is in sync from Debian
https:/
(it's a font and arch all so only amd64 build)
* Rationale
It has been added to the Malayalam fonts in Debian and is showing on component-mismatch now
* Security
No CVE/known security issue
* Quality assurance
- the desktop-packages team is subscribed to the package
- the package is in sync with Debian
- there are no open bugs on debian or launchpad
* Dependendies
The package has no depends
* Standards compliance
the package is using standard dh packaging and the current the standards-version, it is in sync from Debian
* Maintainance
The package is maintained in Debian by the fonts team, the desktop team is going to look at issues on the Ubuntu side if requires
Changed in fonts-smc-gayathri (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
[Summary]
This was as straight forward as expected.
MIR ack to the package.
Does not need an extra security review.
[Duplication]
No other Malayalam font in main that could be used.
[Embedded sources and static linking]
- no embedded source present
- no static linking
[Security]
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
[Common blockers]
- does not FTBFS currently
- does not have a test suite but then it really is just a font, no active code
- no translation present, but none needed for this case (user visible)?
- not a python package, no extra constraints to consider int hat regard
- desktop-packages is already subscribed
[Packaging red flags]
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is ok, but not that old
- Debian/Ubuntu update history is ok, but also not that old
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- not using Built-Using
[Upstream red flags]
- no Errors/warnings during the build
- no incautious use of malloc/sprintf
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks on privacy