[MIR] dotnet7
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
dotnet7 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
[Availability]
- The package dotnet7 is already in Ubuntu universe.
- The package dotnet7 build for the architectures it is designed to work on.
- See https:/
- It currently builds and works for architetcures: amd64, arm64
- Link to package https:/
[Rationale]
- The package dotnet7 is required in Ubuntu main as part of
Canonicals partnership with Microsoft to shorten the supply
chain between Canonical and Microsoft and improve the .NET
developer experience on Ubuntu. Read more here:
- https:/
- https:/
- The package dotnet7 will generally be useful for a large part of
our user base
- It would be great and useful to community/processes to have the
package dotnet7 in Ubuntu main, but there is no definitive deadline.
[Security]
- dotnet7 had security issues in the past that have been
fixed, see trackers:
- https:/
- NOTE: When searching for .NET CVEs in other trackers,
keep in mind that .NET Framework and .NET (Core) is not
the same and that many CVEs do not affect Linux distributions.
- The Security Team and Foundations Toolchain Squad already
work together with Microsoft to release security updates
to Ubuntu.
- Microsoft has weekly meetings with .NET Security Partners
(including Canonical) where they get and keep informed
about Security Issues.
- .NET Security Partners (including Canonical) have early
access to .NET releases containing CVE patches.
- Microsoft and .NET Security Partners (including Canonical)
coordinate releases to disclose and provide patches for
security issues on all plattforms at the same time.
- Microsoft informs Users about (security) issues in the
monthly release notes where they aslo recommend actions
to mitigate these issues.
See example Release Note containing CVE warning:
https:/
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu https:/
- Upstream's bug tracker: https:/
(The .NET project has also multiple other bug trackers
for the individual components it consits of, e.g.:
- https:/
- https:/
- https:/
- https:/
Microsoft will CC us if issues are related to packaging)
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build logs:
- mantic amd64: https:/
- mantic arm64: https:/
- lunar amd64: https:/
- lunar arm64: https:/
- kinetic amd64: https:/
- kinetic arm64: https:/
- jammy amd64: https:/
- jammy arm64: https:/
- The package runs an autopkgtest, and is currently passing
on jammy/mantic/lunar amd64/arm64 https:/
- The package does have failing autopkgtests tests right now,
because the failing test has a bug.
This does not matter as the testsuite gets replaced by a
more sophisticated one with the next release.
[Quality assurance - packaging]
- debian/watch is present and works*
(*Canonical has to work around the debian/watch file to
consume embargoed releses before the release)
- debian/control defines a correct Maintainer field
- This package does yield massive lintian Warnings/Errors,
but they are either false-postives or acceptable.
- Lintian overrides are present, but ok because of false-positive
lintian warnings. The concrete reasons are explained as a
comment in the overwrite files.
- The package will not be installed by default
- Packaging is complex, but that is ok because the software
we are packaging is complex and we are working with
Microsoft to reduce the complexity.
[UI standards]
- Application is end-user facing, Translation is NOT present,
this is ok, as the application just provides a Command Line
Interface for developers. The CLI output should not be
translated to maintain online searchable error messages.
- The exception messages of the .NET Runtime are localized.
- End-user applications without desktop file, not needed,
because it just provides libraries and command line tools
[Dependencies]
- There are further dependencies that are not yet in main, the MIR
process for them is handled as part of this bug here.
- lld binary and source package is in universe
- llvm binary and source package is in universe
- locales-all is in universe, but its source glibc is already in main
[Standards compliance]
RULE: - Major violations should be documented and justified.
RULE: - FHS: https:/
RULE: - Debian Policy: https:/
- AFAICT, This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Team is already subscribed to the package
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
- The Package description explains the package well
- Upstream Name is ".NET 7"
- Upstream project: https:/
- This MIR exists in parralel to the MIR for dotnet6
$ lintian --pedantic dotnet7_ 7.0.105- 0ubuntu3. dsc globbing- patterns src/runtime/ src/coreclr/ pal/src/ include/ pal/fakepoll. h (lines 608 801) [debian/copyright] globbing- patterns src/runtime/ src/native/ external/ brotli/ * (lines 811 1262) [debian/copyright] globbing- patterns src/runtime/ src/native/ external/ brotli/ fuzz/decode_ fuzzer. c (lines 816 1270) [debian/copyright] globbing- patterns ... use "--tag- display- limit 0" to see all (or pipe to a file/program) patterns- out-of- order src/runtime/ src/native/ external/ brotli/ fuzz/decode_ fuzzer. c src/runtime/ src/native/ external/ brotli/ * src/runtime/ src/native/ external/ brotli/ fuzz/decode_ fuzzer. c [debian/ copyright: 1262] patterns- out-of- order src/runtime/ src/native/ external/ brotli/ fuzz/run_ decode_ fuzzer. c src/runtime/ src/native/ external/ brotli/ * src/runtime/ src/native/ external/ brotli/ fuzz/run_ decode_ fuzzer. c [debian/ copyright: 1262] patterns- out-of- order src/source- build-externals /src/humanizer/ src/* src/source- build-externals /src/humanizer/ * src/source- build-externals /src/humanizer/ src/CodeCoverag e.runsettings [debian/ copyright: 2934] patterns- out-of- order ... use "--tag- display- limit 0" to see all (or pipe to a file/program) license- paragraph- in-dep5- copyright exapt [debian/ copyright: 2980] -version 4.7.0 (current is 4.6.2) file-pattern packages/ text-only/ microsoft. net.sdk. ios.manifest- 7.0.100- rc.1/* [debian/ copyright: 384] file-pattern packages/ text-only/ microsoft. net.sdk. maccatalyst. manifest- 7.0.100- rc.1/* [debian/ copyright: 384] file-pattern packages/ text-only/ microsoft. net.sdk. macos.manifest- 7.0.100- rc.1/* [debian/ copyright: 384] file-pattern ... use "--tag- display- limit 0" to see all (or pipe to a file/program) copyright: 3420] globbing- patterns (*eng/common/* src/symreader/ eng/*.props src/symreader/ eng/common/ internal/ *) for src/symreader/ eng/common/ internal/ Directory. Build.props [debian/ copyright: 200] globbing- patterns (*eng/common/* src/symreader/ eng/common/ internal/ *) for src/symreader/ eng/common/ internal/ Tools.csproj [debian/ copyright: 200] globbing- patterns (*eng/common/* src/test- templates/ eng/common/ internal/ *) for src/test- templates/ eng/common/ internal/ Directory. Build.props [debian/ copyright: 200] globbing- patterns ... use "--tag- display- limit 0" to see all (or pipe to a file/program) contains- autogenerated- visual- c++-file [src/aspnetcore /src/Servers/ IIS/AspNetCoreM oduleV2/ AspNetCore/ aspnetcoremodul e.rc] contains- autogenerated- visual- c++-file [src/aspnetcore /src/Servers/ IIS/AspNetCoreM oduleV2/ AspNetCore/ resource. h] contains- autogenerated- visual- c++-file [src/a...
E: dotnet7 source: duplicate-
E: dotnet7 source: duplicate-
E: dotnet7 source: duplicate-
E: dotnet7 source: duplicate-
W: dotnet7 source: globbing-
W: dotnet7 source: globbing-
W: dotnet7 source: globbing-
W: dotnet7 source: globbing-
W: dotnet7 source: missing-
W: dotnet7 source: newer-standards
W: dotnet7 source: superfluous-
W: dotnet7 source: superfluous-
W: dotnet7 source: superfluous-
W: dotnet7 source: superfluous-
W: dotnet7 source: tab-in-license-text [debian/
P: dotnet7 source: redundant-
P: dotnet7 source: redundant-
P: dotnet7 source: redundant-
P: dotnet7 source: redundant-
P: dotnet7 source: source-
P: dotnet7 source: source-
P: dotnet7 source: source-