Review for Package: ell

[Summary]
It replicates functionality that exists otherwise, but in a scope that we do not have in an alternate form.
Other than that it seems to be nice and trimmed to just the function it is advertising.
=> MIR team ACK

This does need a security review, so I'll assign ubuntu-security

List of specific binary packages to be promoted to main: ell
Specific binary packages built, but NOT to be promoted to main:

Required TODOs:
- none

Recommended TODOs:
- none

[Duplication]
Well - the whole base system is what is duplicated in this library. dhcp requests, icmp handling, tls, netlink, ... many more things that a base system would do are essentially re-implemented as a library (instead of independent tools/services) here.
That is some duplication, but it is done in a way to provide those as a lib/binding interface as used by IWD. And in that use-case/context there is no duplication in Ubuntu main yet.

Problems: None

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- -dev package will be auto-promoted but also has sane dependencies
- No dependencies in main that are only superficially tested requiring more tests now.

Problems: None

[Embedded sources and static linking]
OK:
- no embedded source present (just a kernel header for gpio)
- no static linking
  One common way to use ell is static linking, but nowadays it does allow to be a dynamic lib and that is how it e.g. is used from iwd
- does not have odd Built-Using entries
- not a go package, no extra constraints to consider in that regard

Problems: None

[Security]
OK:
- history of CVEs does not look concerning (unless we consider having none as concerning since the functionality it covers usually has CVEs)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam, etc)
- does not deal with security attestation (secure boot, tpm, signatures)

Problems:
- does parse data formats (most of the functions interact with some remote component)
- does open a port/socket (for some functions)
- While not having CVEs yet, in general this covers a lot of things like dhcp, dbus or many others that are known to be exploited in other places. So the assumption should be that there is a reasonable attack surface here as well.

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite failures will fail the build upon error.
- No need for special HW to test
- no new python2 dependency

Problems:
- does not have a non-trivial test suite that runs as autopkgtest
  - a non-trivial test on this level does not make sense (the lib alone is only doing rather simple things), but there is an autopkgtest in iwd which is the context that pulls this into main. I think there is no strong need to require or recommend to add an autopkgtest on this level as well.

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking is in place
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far maintained the package
- no massive Lintian warnings
  - a few very minor ones like override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS
- d/rules is rather clean
- It is not on the lto-disabled list

Problems: None

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as we can check it)
  has its own malloc wrapper to be used by lib-users (makes alloc fails fatal)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH (usage is OK inside tests)
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks
- no translation present, but none needed for this case (not user visible)

Problems: None