| 2022-11-22 13:59:27 |
Jeremy Bícha |
bug |
|
|
added bug |
| 2022-11-22 15:39:39 |
Didier Roche-Tolomelli |
bug |
|
|
added subscriber MIR approval team |
| 2022-11-23 21:45:13 |
Jeremy Bícha |
bug |
|
|
added subscriber Amin Bandali |
| 2022-12-06 18:33:35 |
Amin Bandali |
description |
todo |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package [[https://launchpad.net/ubuntu/+source/duktape|duktape]]
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support |
|
| 2022-12-06 18:36:37 |
Amin Bandali |
description |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package [[https://launchpad.net/ubuntu/+source/duktape|duktape]]
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package https://launchpad.net/ubuntu/+source/duktape
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support |
|
| 2022-12-16 08:44:37 |
Sebastien Bacher |
tags |
lunar |
lunar update-excuse |
|
| 2023-01-09 14:35:28 |
Didier Roche-Tolomelli |
duktape (Ubuntu): status |
Incomplete |
New |
|
| 2023-01-10 15:46:04 |
Christian Ehrhardt |
duktape (Ubuntu): assignee |
|
Didier Roche-Tolomelli (didrocks) |
|
| 2023-01-10 15:46:13 |
Jeremy Bícha |
duktape (Ubuntu): status |
New |
Incomplete |
|
| 2023-01-10 15:46:59 |
Christian Ehrhardt |
duktape (Ubuntu): assignee |
Didier Roche-Tolomelli (didrocks) |
|
|
| 2023-01-12 03:07:48 |
Amin Bandali |
description |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package https://launchpad.net/ubuntu/+source/duktape
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package https://launchpad.net/ubuntu/+source/duktape
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it currently
does not have a test suite (duktape itself does, but not its Debian
package).
- The package does not run an autopkgtest because it doesn't have one.
- The package does not have failing autopkgtests right now.
- The package can not be tested at build time because upstream does
not include tests in their release tarballs, which is what the
Debian packaging uses. To make up for that, there is a test plan
and example test logs, as well as a proposed autopkgtest, included
in a comment below.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Link to a recent build log of the package
https://launchpad.net/ubuntu/+source/duktape/2.7.0-1/+build/23197556/+files/buildlog_ubuntu-jammy-amd64.duktape_2.7.0-1_BUILDING.txt.gz
- Full output from `lintian --pedantic` attached as an extra post.
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to d/rules
https://salsa.debian.org/debian-iot-team/duktape/-/blob/master/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
The Package description explains the package well
Upstream Name is Duktape
Link to upstream project https://duktape.org |
|
| 2023-01-12 03:17:49 |
Amin Bandali |
attachment added |
|
duktape-debian-tests.tar.gz https://bugs.launchpad.net/ubuntu/+source/duktape/+bug/1997417/+attachment/5640878/+files/duktape-debian-tests.tar.gz |
|
| 2023-01-12 03:26:02 |
Amin Bandali |
attachment added |
|
duktape-2.7.0-test-suite-logs.tar.gz https://bugs.launchpad.net/ubuntu/+source/duktape/+bug/1997417/+attachment/5640880/+files/duktape-2.7.0-test-suite-logs.tar.gz |
|
| 2023-01-12 03:32:43 |
Amin Bandali |
attachment added |
|
duktape-2.7.0-lintian-pedantic.txt https://bugs.launchpad.net/ubuntu/+source/duktape/+bug/1997417/+attachment/5640881/+files/duktape-2.7.0-lintian-pedantic.txt |
|
| 2023-01-12 03:33:03 |
Amin Bandali |
duktape (Ubuntu): status |
Incomplete |
New |
|
| 2023-01-13 03:37:08 |
Amin Bandali |
description |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package https://launchpad.net/ubuntu/+source/duktape
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it currently
does not have a test suite (duktape itself does, but not its Debian
package).
- The package does not run an autopkgtest because it doesn't have one.
- The package does not have failing autopkgtests right now.
- The package can not be tested at build time because upstream does
not include tests in their release tarballs, which is what the
Debian packaging uses. To make up for that, there is a test plan
and example test logs, as well as a proposed autopkgtest, included
in a comment below.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Link to a recent build log of the package
https://launchpad.net/ubuntu/+source/duktape/2.7.0-1/+build/23197556/+files/buildlog_ubuntu-jammy-amd64.duktape_2.7.0-1_BUILDING.txt.gz
- Full output from `lintian --pedantic` attached as an extra post.
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to d/rules
https://salsa.debian.org/debian-iot-team/duktape/-/blob/master/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
The Package description explains the package well
Upstream Name is Duktape
Link to upstream project https://duktape.org |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package https://launchpad.net/ubuntu/+source/duktape
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it currently
does not have a test suite (duktape itself does, but not its Debian
package).
- The package does not run an autopkgtest because it doesn't have one.
- The package does not have failing autopkgtests right now.
- The package can not be tested at build time because upstream does
not include tests in their release tarballs, which is what the
Debian packaging uses -- though I've opened an upstream issue for
this, requesting inclusion of their test suite in release tarballs:
https://github.com/svaarala/duktape/issues/2523
For now, in lieu of that, there is a test plan and example test
logs, as well as a proposed autopkgtest, included in a separate
comment below.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Link to a recent build log of the package
https://launchpad.net/ubuntu/+source/duktape/2.7.0-1/+build/23197556/+files/buildlog_ubuntu-jammy-amd64.duktape_2.7.0-1_BUILDING.txt.gz
- Full output from `lintian --pedantic` attached as an extra post.
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to d/rules
https://salsa.debian.org/debian-iot-team/duktape/-/blob/master/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
The Package description explains the package well
Upstream Name is Duktape
Link to upstream project https://duktape.org |
|
| 2023-01-17 15:42:00 |
Christian Ehrhardt |
duktape (Ubuntu): assignee |
|
Christian Ehrhardt (paelzer) |
|
| 2023-01-19 11:22:16 |
Christian Ehrhardt |
cve linked |
|
2021-46322 |
|
| 2023-01-19 11:22:20 |
Christian Ehrhardt |
duktape (Ubuntu): status |
New |
Incomplete |
|
| 2023-01-19 11:22:22 |
Christian Ehrhardt |
duktape (Ubuntu): assignee |
Christian Ehrhardt (paelzer) |
|
|
| 2023-01-19 15:00:34 |
Christian Ehrhardt |
duktape (Ubuntu): assignee |
|
Ubuntu Security Team (ubuntu-security) |
|
| 2023-01-30 19:59:39 |
Steve Beattie |
tags |
lunar update-excuse |
lunar sec-1608 update-excuse |
|
| 2023-02-07 15:39:54 |
Christian Ehrhardt |
duktape (Ubuntu): status |
Incomplete |
New |
|
| 2023-03-24 03:05:12 |
Seth Arnold |
duktape (Ubuntu): status |
New |
In Progress |
|
| 2023-03-24 03:05:16 |
Seth Arnold |
duktape (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
| 2023-03-24 03:05:21 |
Seth Arnold |
bug |
|
|
added subscriber Seth Arnold |
| 2023-05-09 14:36:38 |
Christian Ehrhardt |
duktape (Ubuntu): status |
In Progress |
Incomplete |
|
| 2023-05-11 21:34:27 |
Gianfranco Costamagna |
description |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el s390x
Link to package https://launchpad.net/ubuntu/+source/duktape
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it currently
does not have a test suite (duktape itself does, but not its Debian
package).
- The package does not run an autopkgtest because it doesn't have one.
- The package does not have failing autopkgtests right now.
- The package can not be tested at build time because upstream does
not include tests in their release tarballs, which is what the
Debian packaging uses -- though I've opened an upstream issue for
this, requesting inclusion of their test suite in release tarballs:
https://github.com/svaarala/duktape/issues/2523
For now, in lieu of that, there is a test plan and example test
logs, as well as a proposed autopkgtest, included in a separate
comment below.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Link to a recent build log of the package
https://launchpad.net/ubuntu/+source/duktape/2.7.0-1/+build/23197556/+files/buildlog_ubuntu-jammy-amd64.duktape_2.7.0-1_BUILDING.txt.gz
- Full output from `lintian --pedantic` attached as an extra post.
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to d/rules
https://salsa.debian.org/debian-iot-team/duktape/-/blob/master/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
The Package description explains the package well
Upstream Name is Duktape
Link to upstream project https://duktape.org |
[Availability]
The package duktape is already in Ubuntu universe.
The package duktape build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el riscv64 s390x
Link to package https://launchpad.net/ubuntu/+source/duktape
[Rationale]
- The package duktape is required in Ubuntu main for updating polkit.
Upstream polkit landed an alternative option to use duktape instead
of mozjs. duktape is a much smaller JavaScript implementation and
simpler code-base to maintain than mozjs, and Debian is going to use
it.
- Support for JavaScript-based rules in polkit have also been
requested in enterprise desktop use-cases.
- The package duktape is required in Ubuntu main no later than Feb 23
due to feature freeze.
[Security]
- Had 1 security issue in the past
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46322
- https://ubuntu.com/security/CVE-2021-46322
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu, and currently has
only one normal and one wishlist bug open
and long term critical bugs open
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/duktape/+bugs
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=duktape
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906201
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it currently
does not have a test suite (duktape itself does, but not its Debian
package).
- The package does not run an autopkgtest because it doesn't have one.
- The package does not have failing autopkgtests right now.
- The package can not be tested at build time because upstream does
not include tests in their release tarballs, which is what the
Debian packaging uses -- though I've opened an upstream issue for
this, requesting inclusion of their test suite in release tarballs:
https://github.com/svaarala/duktape/issues/2523
For now, in lieu of that, there is a test plan and example test
logs, as well as a proposed autopkgtest, included in a separate
comment below.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Link to a recent build log of the package
https://launchpad.net/ubuntu/+source/duktape/2.7.0-1/+build/23197556/+files/buildlog_ubuntu-jammy-amd64.duktape_2.7.0-1_BUILDING.txt.gz
- Full output from `lintian --pedantic` attached as an extra post.
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf
questions higher than medium
- Packaging and build is easy, link to d/rules
https://salsa.debian.org/debian-iot-team/duktape/-/blob/master/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built in the archive more recently than the last
test rebuild
[Background information]
The Package description explains the package well
Upstream Name is Duktape
Link to upstream project https://duktape.org |
|
| 2023-05-26 12:27:53 |
Sebastien Bacher |
bug |
|
|
added subscriber Sebastien Bacher |
| 2023-05-26 12:28:05 |
Sebastien Bacher |
duktape (Ubuntu): importance |
Undecided |
High |
|
| 2023-05-26 12:28:15 |
Sebastien Bacher |
duktape (Ubuntu): assignee |
|
Amin Bandali (bandali) |
|
| 2023-06-20 13:40:12 |
Sebastien Bacher |
duktape (Ubuntu): status |
Incomplete |
New |
|
| 2023-06-20 13:40:12 |
Sebastien Bacher |
duktape (Ubuntu): assignee |
Amin Bandali (bandali) |
Christian Ehrhardt (paelzer) |
|
| 2023-06-20 14:10:23 |
Christian Ehrhardt |
duktape (Ubuntu): status |
New |
Incomplete |
|
| 2023-06-20 14:10:25 |
Christian Ehrhardt |
duktape (Ubuntu): assignee |
Christian Ehrhardt (paelzer) |
|
|
| 2023-06-21 06:53:11 |
Sebastien Bacher |
duktape (Ubuntu): status |
Incomplete |
New |
|
| 2023-06-21 06:53:11 |
Sebastien Bacher |
duktape (Ubuntu): assignee |
|
Christian Ehrhardt (paelzer) |
|
| 2023-06-21 07:32:42 |
Christian Ehrhardt |
duktape (Ubuntu): status |
New |
In Progress |
|
| 2023-06-21 07:32:43 |
Christian Ehrhardt |
duktape (Ubuntu): assignee |
Christian Ehrhardt (paelzer) |
|
|
| 2023-06-21 08:28:35 |
Sebastien Bacher |
duktape (Ubuntu): status |
In Progress |
Fix Released |
|
