I have some reservations on the fact that the API and ABI are not stable, and having thus the revision in the soname (actually even, the date!). See more info about symbol tracking in the dedicated section above and why I think this is ok. Also, there is no official releases but only snapshots. However, this wouldn’t be the first one in that case being promoted in main and both upstream and debian tracking looks good. Notes: Required TODOs: - version blocked in proposed FTBFS on multiple archs. This needs fixing before final ack. - as a reminder, once acked, needs a team subscribed before promotion. Recommended TODOs: - see the additional notes below (reporting the warning during build for instance) [Duplication] There is no other package in main providing the same functionality. [Dependencies] OK: - no other Dependencies to MIR due to this - no -dev/-debug/-doc packages that need exclusion [Embedded sources and static linking] OK: - no embedded source present - no static linking [Security] OK: - history of CVEs does not look concerning - does not run a daemon as root - does not use webkit1,2 - does not use lib*v8 directly - does not parse data formats - does not open a port - does not process arbitrary web content - does not use centralized online accounts - does not integrate arbitrary javascript into the desktop - does not deal with system authentication (eg, pam), etc) [Common blockers] OK: - does have a test suite that runs at build time - test suite fails will fail the build upon error. - does have a test suite that runs as autopkgtest - no translation present, but none needed for this case (user visible)? - not a python/go package, no extra constraints to consider in that regard Problems: - version blocked in proposed FTBFS on multiple archs. - The package needs a team bug subscriber (agreeing that can be just done just before promoting the package) [Packaging red flags] OK: - Ubuntu does not carry a delta - d/watch is present and looks ok - Upstream update history is good (no release though, but code maintained) - Debian/Ubuntu update history is good - there is no current release, but a recent snapshot is packaged - promoting this does not seem to cause issues for MOTUs that so far - no massive Lintian warnings - d/rules is rather clean - Does not have Built-Using Problems: - No symbols tracking is in place. The package used to have one, but this one was reverted https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966183 due to the fact that there is no stable API or ABI. The package thus force to depend on an exact version and this is a NEW binary package at every new update. This wouldn’t be the first case of this in main (compiz, nux, e-d-s…). Also, the number of reverse dependencies (outside the current package) is rather small: $ reverse-depends libabsl20200923 Reverse-Depends * libabsl-dev * libgav1-0 * libgav1-bin * libgrpc++1 * libgrpc10 * python3-grpcio So, basically 2 sources packages will need a transition (and already needs in universe) : - grpc (in sync with Debian) - libgav1 (in sync with Debian) As both are in sync with Debian, this doesn’t add more maintainance on us. [Upstream red flags] OK: - no Errors/warnings during the build - no incautious use of malloc/sprintf (as far as I can check it) - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH - no use of user nobody - no use of setuid - no important open bugs (crashers, etc) in Debian or Ubuntu - no dependency on webkit, qtwebkit, seed or libgoa-* - not part of the UI for extra checks Problems: One minor warning during build: /tmp/ccmiXRG2.s: Assembler messages: /tmp/ccmiXRG2.s:70723: Warning: ignoring changed section attributes for .text