[MIR] fstrm
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
fstrm (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
[Availability]
The package fstrm is already in Ubuntu universe.
The package fstrm builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, armhf, ppc64el and s390x.
Link to package [[https:/
[Rationale]
- The package fstrm is required in Ubuntu main in 20.04, 22.04 and Kinetic
for DNSTAP support in BIND, that is enabled in Debian but disabled in Ubuntu
because 2 required dependencies (libprotobuf-c1 and libfstrm0) are in the
universe component. However, libprotobuf-c1 was recently approved for
inclusion into the main component (bug #1956617).
- The package fstrm will not generally be useful for a large part of
our user base, but is important/helpful still because DNSTAP is enabled by
upstream BIND since version 9.11, and not providing this support on Ubuntu
will move DNS server operators away from Ubuntu.
- I have prepared an SRU bug with debdiffs to enable DNSTAP support in Ubuntu
20.04, 22.04 and Kinetic (bug #1986586).
- It would be great and useful to community/processes to have the
package fstrm in Ubuntu main, but there is no definitive deadline.
[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024)
- Package does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has not too many
and long term critical bugs open
- Ubuntu https:/
- Debian https:/
- The package has important open bugs, listing them:
https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log https:/
- The package does not run an autopkgtest because the Debian maintainer
did not provide one.
[Quality assurance - packaging]
- debian/watch is not present, instead it has nothing
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors (the warnings are
caused by bug #1977883)
- Please link to a recent build log of the package https:/
- Please attach the full output you have got from
`lintian --pedantic` as an extra post to this bug.
- The package will not be installed by default
- Packaging and build is easy, link to d/rules https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be https:/
- Team is not yet, but will subscribe to the package before promotion
- I have subscribed to all changes and comments for bugs in this package.
- This does not use static builds
- This does not use vendored code, except for m4 files used only by Autoconf
- This package is not rust based
- The package successfully built during the most recent test rebuild
[Background information]
The Package description explains the package well
Upstream Name is fstrm
Link to upstream project https:/
Changed in fstrm (Ubuntu): | |
status: | New → Incomplete |
description: | updated |
Changed in fstrm (Ubuntu): | |
status: | Incomplete → New |
description: | updated |
Changed in fstrm (Ubuntu): | |
status: | Incomplete → New |
description: | updated |
I'm going to make a few comments here:
(1) DO NOT touch the bug status of developer process bugs such as MIR and SRU bugs. **They have specific statuses set for a reason, and if you don't know what those statuses mean for those process bugs, don't touch them.** I've reset this and your previous SRU bug for BIND9 related to this to the **proper** statuses.
(2) I have some concerns. It's fairly common knowledge that it's *rare* MIRs happen post-release, especially on a release of Ubuntu that's 2 and a half years old at this rate. Because of this, I don't believe this is a good choice for historic MIR in pre-Jammy releases. I can see some benefit for Jammy (latest LTS), but older I would leave alone.
(3) This is extremely close to Feature Freeze for Kinetic - August 25th. I don't see any reason to expedite the MIR to reach this deadline, but in the off chance that this is NOT processed prior to Feature Freeze on August 25th 2022, then this would need to be applicable for L-series and would not make it into Kinetic. FeatureFreeze is also relevant for the changes that would add dnstap to BIND9 in Kinetic as well.
I'm of the strong opinion this should not be for pre-Jammy.
Another strong consideration: The upstream repo for this is owned by Farsight Security and has no commits to Master since April 2021. Farsight since this time has been acquired by DomainTools, so the future of Farsight maintaining these sources and packages is actually in question - there's no active change on the repositories' branches that I can see since April, despite the bugs, and there's no guarantee DomainTools will continue to let Farsight devs focus their time and effort on fstrm. Which is another consideration factor here.