Comment 0 for bug 1709164

Jeremy Bicha (jbicha) wrote :

Availability
============
Built for all supported architectures.

In sync with Debian.

Rationale
=========
The gnome-desktop3 library 3.25.90 requires bubblewrap. bubblewrap is most commonly used as part of Flatpak's security isolation feature. Here it's being used to sandbox the thumbnailers.

See https://git.gnome.org/browse/gnome-desktop/log (changes from 3.25.4 to 3.25.90)

Security
========
No known open security vulnerabilities in any Ubuntu releases.

https://security-tracker.debian.org/tracker/source-package/bubblewrap

I helped prepare a security update (LP: #1657357) (CVE-2017-5226) for bubblewrap/flatpak several months ago.

Quality assurance
=================
Bug subscriber: should be Ubuntu Desktop Bugs

https://bugs.launchpad.net/ubuntu/+source/bubblewrap
https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=bubblewrap
https://github.com/projectatomic/bubblewrap/issues

dh_auto_test runs the build tests but they appear to be set as SKIP upstream.

Multiple autopkgtests passing on all Ubuntu architectures. Because the tests require machine isolation, the autopkgtests don't run on Debian's infrastructure currently.

Dependencies
============
check-mir reports all other binary dependencies are in main

Standards compliance
====================
4.0.0

Maintenance
===========
- Actively developed upstream
https://github.com/projectatomic/bubblewrap

- Maintained in Debian by the pkg-utopia team but more specifically, it is maintained by Simon McVittie (smcv) who also maintains Flatpak and ostree in Debian and Ubuntu.

short dh7 style rules, dh compat 10

Background information
======================
William Hua (attente) had been working last year on a snapcraft plugin that used bubblewrap.

So maybe more stuff will use bubblewrap in the future.