[MIR] golang-*, Go build dependencies of google-guest-agent
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
golang-github-gcp-guest-logging-go (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
golang-github-go-ini-ini (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
golang-github-golang-groupcache (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
golang-github-google-btree (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
golang-github-kardianos-osext (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
golang-github-kardianos-service (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
golang-github-tarm-serial (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
golang-golang-x-net (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
golang-golang-x-oauth2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
golang-golang-x-sys (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
golang-golang-x-time (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
golang-google-protobuf (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
History worth to know:
https:/
https:/
[Availability]
The packages are present in universe on all architectures / the 'all' architecture.
[Rationale]
The packages are build dependencies of google-guest-agent and according to the special status of Golang packages Golang build dependencies of packages in main must also be in main (except for build dependencies used only in the tests).
[Security]
No known open CVE-s.
[Quality assurance]
Packaging is minimal.
Maintained by the Debian Go Packaging Team:
golang-
- 0 bug reports in Ubuntu and Debian, several open issues at upstream, but they upstream is active solving issues
- No Ubuntu delta
- Debian is behind by many upstream releases
golang-
- 0 bug reports in Ubuntu and Debian, several open issues at upstream, but they upstream is somewhat active solving issues
- No Ubuntu delta
- Upstream makes no releases, Debian is behind by many upstream commits
golang-
- 0 bug reports in Ubuntu and Debian, several open issues at upstream, but they upstream is active solving issues
- No Ubuntu delta
- Debian and Ubuntu are up to date with latest upstream release
golang-
- 0 bug reports in Ubuntu, Debian and at upstream, upstream is active solving issues
- No Ubuntu delta
- Upstream makes no releases, Debian is behind by only a few not interesting upstream commits
golang-
- 0 bug reports in Ubuntu and Debian, several open issues at upstream, but upstream is somewhat active solving issues
- No Ubuntu delta
- Upstream makes no releases, Debian is behind by many upstream commits
golang-
- 0 bug reports in Ubuntu, 1 RC in Debian, which is stating that golang-protobuf (>> 1.4) is needed which is in groovy-proposed at the moment
- several open issues at upstream, but upstream is active solving issues
- No Ubuntu delta
- Debian and Ubuntu are up to date with latest upstream release
golang-
- 0 bug reports in Ubuntu and Debian, several open issues at upstream, but upstream is somewhat active solving issues
- No Ubuntu delta
- Package is up to date with latest upstream release
golang-
- 1 unimportant bug report in Debian and 0 in Ubuntu, several open issues at upstream, but upstream is active solving issues
- No Ubuntu delta
- Upstream makes no releases, Debian is behind by many upstream commits
golang-
- 1 unimportant bug report in Debian and 0 in Ubuntu, several open issues at upstream, but upstream is active solving issues
- No Ubuntu delta
- Upstream makes no releases, Debian is behind by many upstream commits
golang-
- 0 bug reports in Ubuntu and Debian, several open issues at upstream, but upstream is active solving issues upstream issues are tracked at https:/
- No Ubuntu delta
- Upstream makes no releases, Debian is behind by many upstream commits
- TODO No watch file, old policy version
golang-
- 0 bug reports in Ubuntu and Debian, several open issues at upstream, but upstream is active solving issues upstream issues are tracked at https:/
- No Ubuntu delta
- Upstream makes no releases, Debian is behind by a few upstream commits
Maintained only in Ubuntu:
golang-
- 0 bug reports in Ubuntu and at upstream
- Upstream makes no releases, Ubuntu has the latest commit
[UI Standards]
Not applicable.
[Dependencies]
The packages depend on each other, golang-
[Standards Compliance]
Conforms to a recent Debian Policy version.
[Maintenance]
TODO: This package is to be owned by the Ubuntu Foundations team.
TODO: MIR golang-google-cloud golang-
These lead further down to much more further dependencies:
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-glog-dev
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
- protobuf-compiler
Depended but in main alreday:
- zlib1g-dev
- libprotobuf23
- libprotoc23
- libprotobuf-lite23
- libprotobuf-dev
Depended but already requested here:
- golang-
- golang-
- golang-
- golang-
- golang-
- golang-
That would be 25 packages more - please confirm that you really intend to promote and maintain all those - in that case do an initial evaluation of quality and todos on your own (as it is part of the MIR request steps) of them and add them to the MIR request here. If you think you can cut those dependencies before pulling in all of these please do so in package uploads.
TODO: get foundation-bugs subscribed to all those packages
description: | updated |
description: | updated |
description: | updated |
Changed in golang-github-gcp-guest-logging-go (Ubuntu): | |
status: | New → Incomplete |
description: | updated |
description: | updated |
description: | updated |
Changed in golang-github-kardianos-osext (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
Changed in golang-github-kardianos-service (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
Changed in golang-github-go-ini-ini (Ubuntu): | |
assignee: | nobody → Didier Roche (didrocks) |
Changed in golang-google-protobuf (Ubuntu): | |
assignee: | nobody → Didier Roche (didrocks) |
Changed in golang-github-tarm-serial (Ubuntu): | |
assignee: | nobody → Dan Streetman (ddstreet) |
Changed in golang-github-golang-groupcache (Ubuntu): | |
assignee: | nobody → Dan Streetman (ddstreet) |
description: | updated |
description: | updated |
description: | updated |
Changed in golang-github-google-btree (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
description: | updated |
Changed in golang-golang-x-net (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
Changed in golang-golang-x-time (Ubuntu): | |
assignee: | nobody → Balint Reczey (rbalint) |
Changed in golang-google-protobuf (Ubuntu): | |
assignee: | nobody → Balint Reczey (rbalint) |
Changed in golang-golang-x-oauth2 (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
description: | updated |
Changed in golang-github-golang-groupcache (Ubuntu): | |
assignee: | Balint Reczey (rbalint) → nobody |
Changed in golang-github-kardianos-osext (Ubuntu): | |
assignee: | Balint Reczey (rbalint) → nobody |
Changed in golang-github-tarm-serial (Ubuntu): | |
assignee: | Balint Reczey (rbalint) → nobody |
Changed in golang-golang-x-net (Ubuntu): | |
assignee: | Balint Reczey (rbalint) → nobody |
Changed in golang-golang-x-oauth2 (Ubuntu): | |
assignee: | Balint Reczey (rbalint) → nobody |
Changed in golang-golang-x-time (Ubuntu): | |
assignee: | Balint Reczey (rbalint) → nobody |
Changed in golang-google-protobuf (Ubuntu): | |
assignee: | Balint Reczey (rbalint) → nobody |
[Summary]
MIR team ACK under the condition that the subscription is added and someone
takes a look at the build and autopkgtest tests.
This also does need a security review, so I'll assign ubuntu-security.
Specific binary packages to be promoted to main: github- kardianos- service- dev
- golang-
Required:
- subscribe foundations to the package
(Strongly) Recommended TODOs:
- Tests are actively disabled in d/rules atm, any chance to evalate, fix and
enable them?
- Also this integrates go packages with systemd which we know to change quite
a bit a autopkgtest would be awesome to ensure future systemd upgrades won't
break it.
I was torn if this is strictly required or recommended, foundations will own it
either way - with bugs detected early or late - so it is up to you. But I really
recommend adding/enabling tests on this one.
[Duplication] gopkg-hlandau- service. v2-dev but that isn't in main.
There also is golang-
So no other (Go) package in main providing the same functionality yet.
[Dependencies] github- kardianos- osext
OK:
- no other Dependencies to MIR due to this (onlygolang-
which is part of this MIR already)
- one -dev packages for auto-include but not crit dependencies
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking (well Go)
[Security]
OK:
- history of CVEs does not look concerning
- does not open a port
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
Problems:
- does run a daemon as root - running services is the core task of this.
So a lot of things might be set up right / wrong by it and therefore a
security evaluation should happen.
[Common blockers]
OK:
- does not FTBFS currently
- no translation present, but none needed for this case (user visible)?
- not a python package, no extra constraints to consider int hat regard
- Go package that uses dh-golang
TODO: Problems:
- does have a test suite that runs at build time
- test suite fails will fail the build upon error.
- does have a test suite that runs as autopkgtest
=> The build time tests are actively disabled and should be enabled if possible.
Also this integrates go packages with systemd which we know to change quite
a bit a autopkgtest would be awesome to ensure future systemd upgrades won't
break it.
- The package has no team bug subscriber (Should be Foundations, please
subscribe)
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is ok (code is 6 years old, only releases last
two years - but then steady)
- Debian/Ubuntu update history is ok
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- Go Package that follows the Debian Go packaging guidelines
[Upstream red flags]
OK:
- no Erro...