[MIR] bpfcc
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
bpfcc (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
[Availability]
- The package bpfcc is already in Ubuntu universe.
- The package bpfcc builds for the architectures it is designed to work on.
- It currently builds and works for architectures: any
- Link to package https:/
[Rationale]
- The package bpfcc is required in Ubuntu main as a runtime dependency of
bpftrace.
- There is no other/better way to solve this that is already in main or
should go universe->main instead of this.
- The package bpftrace is required in Ubuntu main as part of the Noble Numbat
release, and hence should be promoted to main before NN feature freeze.
[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- Binaries *-bpfcc in sbin are no problem because they are part of the
expected functionality of the package
- Package does not install services, timers or recurring jobs
- Security has been kept in mind and common isolation/
patterns are in place utilizing the following features:
the package is a debugging tool, and cannot be fully isolated.
- Package does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Package does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/
not have too many, long-term & critical, open bugs
- Ubuntu https:/
- Debian https:/
- Upstream's bug tracker, e.g., GitHub Issues
https:/
- The package has important open bugs, listing them:
https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time
(Potential issue?)
- The package does not run an autopkgtest
(Potential issue?)
- The package does not have failing autopkgtests right now
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
https:/
- Please attach the full output you have got from `lintian --pedantic` as an
extra post to this bug:
```
E: bpfcc changes: bad-distributio
W: bpfcc source: no-nmu-in-changelog [debian/
W: bpfcc source: source-
P: bpfcc source: trailing-whitespace [debian/
```
- Lintian overrides are present, they disable warnings about the lack of manpages
(Potential issue?)
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to debian/rules
https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Foundations and I have their acknowledgement for
that commitment
- The future owning team is not yet subscribed, but will subscribe to
the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package successfully built during the most recent test rebuild
[Background information]
- The Package description explains the package well
- Upstream Name is bcc
- Link to upstream project bcc: https:/
Changed in bpfcc (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
tags: | added: sec-3897 |
This has some potential issues but I am opening a bug about it to have somewhere to discuss.