Availability
============
Built for all supported architectures. In sync with Debian.
Rationale
=========
brotli is a file compression format and library developed and maintained by Google. brotli is required by the WOFF 2.0 format for compressed web fonts. brotli and woff2 are libraries that are technically already in main because they are bundled in Firefox and webkit2gtk.
The next major stable release of webkit2gtk, 2.20, will be released in March. It drops those 2 bundled libraries. I think our options are basically
1) Bundle those libraries anyway, or
2) Approve this MIR, or
3) Drop support for the WOFF2 format in webkit2gtk
Security
========
brotli is a security-sensitive library.
There is an open security bug for xenial that can be fixed by syncing 0.3.0+dfsg-3 from Debian.
Other Info
==========
webkit2gtk is managed similar to Firefox and Chromium. So far, new releases are pushed to Ubuntu 16.04 LTS and newer as security updates, but the Ubuntu Security Team does not guarantee security support for webkit2gtk.
We are going to need to backport brotli and woff2 into main for 16.04 LTS and 17.10. The new version of brotli adds new binary packages (in particular, the C library needed by woff2 and webkit2gtk).
brotli has no reverse dependencies in 16.04 and 17.10. (fonttools is a reverse-dependency in 18.04.)
Availability
============
Built for all supported architectures. In sync with Debian.
Rationale
=========
brotli is a file compression format and library developed and maintained by Google. brotli is required by the WOFF 2.0 format for compressed web fonts. brotli and woff2 are libraries that are technically already in main because they are bundled in Firefox and webkit2gtk.
The next major stable release of webkit2gtk, 2.20, will be released in March. It drops those 2 bundled libraries. I think our options are basically
1) Bundle those libraries anyway, or
2) Approve this MIR, or
3) Drop support for the WOFF2 format in webkit2gtk
Security
========
brotli is a security-sensitive library.
There is an open security bug for xenial that can be fixed by syncing 0.3.0+dfsg-3 from Debian.
https:/ /security- tracker. debian. org/tracker/ source- package/ brotli /launchpad. net/ubuntu/ +source/ brotli/ +cve
https:/
Quality assurance autopkgtest. ubuntu. com/packages/ b/brotli /ci.debian. net/packages/ b/brotli/
=================
- Needs bug subscriber
- dh_auto_test runs upstream build tests. Test failure would fail the build.
- New autopkgtests pass on all arches:
http://
https:/
https:/ /bugs.launchpad .net/ubuntu/ +source/ brotli /bugs.debian. org/cgi- bin/pkgreport. cgi?src= brotli /github. com/google/ brotli/ issues
https:/
https:/
Dependencies
============
No universe binary dependencies
Standards compliance ======= ======
=======
4.1.1, debhelper compat 10, dh7 simple rules
Maintenance /github. com/google/ brotli
===========
Actively maintained:
https:/
Not team maintained in Debian. /tracker. debian. org/pkg/ brotli
https:/
Other Info
==========
webkit2gtk is managed similar to Firefox and Chromium. So far, new releases are pushed to Ubuntu 16.04 LTS and newer as security updates, but the Ubuntu Security Team does not guarantee security support for webkit2gtk.
I'm waiting until woff2 is accepted into Debian and Ubuntu to file the woff2 MIR. See https:/ /bugs.debian. org/883828
We are going to need to backport brotli and woff2 into main for 16.04 LTS and 17.10. The new version of brotli adds new binary packages (in particular, the C library needed by woff2 and webkit2gtk).
brotli has no reverse dependencies in 16.04 and 17.10. (fonttools is a reverse-dependency in 18.04.)