[MIR] flashrom + libftdi
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
flashrom (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
fwupd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libftdi1 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Summary]
Further review will be needed. The Package does not have a test suite that runs as autopkgtest.
[Availability]
Currently in universe.
[Duplication]
There is no other package in main providing the same functionality.
[Rationale]
fwupd depends on libflashrom1 for its flashrom plugin, something that's required to update Coreboot firmware.
[Security]
No CVE's, but due to the nature of the package security should review.
[Quality Assurance]
Package builds and runs easily
[Dependencies]
N/A
[Standards Compliance]
Complies with FHS, though the organization of files in the source package could be organized better.
[Common blockers]
flashrom does NOT have a test suite that runs at build time.
flashrom does NOT have a test suite that runs as autopkgtest.
[Maintenance]
Actively maintained - https:/
Packaging - https:/
information type: | Public → Public Security |
description: | updated |
description: | updated |
Changed in flashrom (Ubuntu): | |
assignee: | Matthieu Clemenceau (mclemenceau) → nobody |
Changed in flashrom (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
information type: | Public Security → Public |
Changed in libftdi (Ubuntu): | |
assignee: | Matthieu Clemenceau (mclemenceau) → Ubuntu Security Team (ubuntu-security) |
status: | Incomplete → New |
affects: | libftdi (Ubuntu) → libftdi1 (Ubuntu) |
Changed in fwupd (Ubuntu): | |
status: | New → In Progress |
Changed in flashrom (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in fwupd (Ubuntu): | |
status: | In Progress → Fix Committed |
Changed in libftdi1 (Ubuntu): | |
status: | In Progress → Fix Committed |
@Matt - Foundations is the owner of fwupd - do you agree to own this package as well then?
If yes please subscribe the Team and set the status back to "new" for a full review.
If no - we need to have a discussion about the alternatives.