[MIR] libnet-snmp-perl as a dependency of amavisd-new
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libnet-snmp-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Summary]
=========
Please promote bin:libnet-
[Rationale]
===========
libnet-snmp-perl is a runtime dependency of amavisd-new, which is in main.
The packages is not in main already because it was not specified in d/control, see [0]. According to the upstream release notes [2] this
has been the case since version 2.6.4. Note that Precise packages version
2.6.5 already.
The missing dependency is not immediately visible at such as it only
causes failures when using amavisd-
the amavisd-new package and therefore is in main.
[Availability]
==============
Upstream: the module exists since 1998. Upstream development doesn't
seem to be active, but OTOH this module like many others in the perl5
ecosystem can be considered in maintenance mode at this point.
Debian: libnet-snmp-perl was first packaged in Debian in 2000 and it's
actively maintained, see [3] and d/changelog.
Ubuntu: the package is a sync from Debian across all the supported Ubuntu releases (and also across the >=Precise unsupported ones).
It is unlikely that the library will be superseded or deprecated in the foreseeable future.
[Security]
==========
The package is a SNMP client library. It provides no daemons or services
in general, does not open ports, does not require special privileges to
operate, and does not install setuid binaries.
I see no need for looping in the security team.
[Quality assurance]
===================
Upstream has a test suite which is exercised during the .deb package build.
Debian has only one bug open against the package, which IIUC is about
how the module handles a non-RFC-compliant SNMP server. The bug has been
forwarded upstream, and IMO shouldn't be considered a blocker for main
inclusion.
Upstream bugs are tracked on CPAN [4]. The bug count is low given the
age of the project, with the latest ones being forwards from Debian.
I can see no red flags there.
Ubuntu has no bugs filed against the package.
[Dependencies]
Depends only on perl:any, so we're good here.
[Standards compliance]
The package is in good shape, it's well maintained and follows
standards and best practices. The only thing `lintian -EvIL +pedantic` complains about is:
X: libnet-snmp-perl source: debian-
There are however two lintian overrides for the binary package:
libnet-snmp-perl: library-
libnet-snmp-perl: application-
Lintian is right, but apparently the Debian maintainers decided this is a wontfix. The fix would consist in splitting out a "-tools" package out of the "lib" one, I can see it's probably not worth it.
[Maintenance]
=============
The Server Team will maintain the package. The maintenance effort is expected to be very low.
[0] https:/
[1] https:/
[2] https:/
[3] https:/
[4] https:/
description: | updated |
description: | updated |
description: | updated |
description: | updated |
summary: |
- [WIP] [MIR] libnet-snmp-perl as a dependency of amavisd-new + [MIR] libnet-snmp-perl as a dependency of amavisd-new |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in libnet-snmp-perl (Ubuntu): | |
assignee: | nobody → Didier Roche (didrocks) |
I fear that you mixed up two packages here:
libnet-snmp-perl 6.0.1 with the Perl module Net::SNMP from https:/ /metacpan. org/dist/ Net-SNMP (unchanged upstream since 2010).
and
libsnmp-perl 5.9(.1) with the Perl modules SNMP and NetSNMP::* from https:/ /net-snmp. sourceforge. io/ and http:// github. com/net- snmp/net- snmp/
I don't know which of them is used by amavisd-ng, but libnet-snmp-perl 6.0.1 isn't updated upstream since 2010, but is actively maintained by the Debian Perl team (including me).
Greetings
Roland