| 2018-09-05 11:22:35 |
Christian Ehrhardt |
bug |
|
|
added bug |
| 2018-09-06 09:24:58 |
Christian Ehrhardt |
bug |
|
|
added subscriber MIR approval team |
| 2018-09-06 09:25:21 |
Christian Ehrhardt |
bug |
|
|
added subscriber Ubuntu Security Team |
| 2018-09-13 10:50:38 |
Matthias Klose |
gpsd (Ubuntu): assignee |
|
Mathieu Trudel-Lapierre (cyphermox) |
|
| 2018-09-13 18:44:22 |
Mathieu Trudel-Lapierre |
gpsd (Ubuntu): assignee |
Mathieu Trudel-Lapierre (cyphermox) |
Ubuntu Security Team (ubuntu-security) |
|
| 2018-09-13 18:44:25 |
Mathieu Trudel-Lapierre |
gpsd (Ubuntu): status |
New |
Incomplete |
|
| 2018-10-22 06:41:04 |
Christian Ehrhardt |
description |
Availability: GPSD is available since quite a while and builds for all architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
- since the above nothing came up, the project itself is active and vital IMHO
=> https://www.openhub.net/p/gpsd
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https://usn.ubuntu.com/1820-1/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https://bugs.launchpad.net/ubuntu/+source/gpsd
=> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate. |
FYI: We want to only seed binary packages:
- gpsd
- libgpsd23
But none of the others (further bindings, tools, ...)
They will stay "only" a suggest from Chrony, so the seeding will pull them into Main.
Availability: GPSD is available since quite a while and builds for all architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
- since the above nothing came up, the project itself is active and vital IMHO
=> https://www.openhub.net/p/gpsd
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https://usn.ubuntu.com/1820-1/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https://bugs.launchpad.net/ubuntu/+source/gpsd
=> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate. |
|
| 2018-10-22 06:41:20 |
Christian Ehrhardt |
description |
FYI: We want to only seed binary packages:
- gpsd
- libgpsd23
But none of the others (further bindings, tools, ...)
They will stay "only" a suggest from Chrony, so the seeding will pull them into Main.
Availability: GPSD is available since quite a while and builds for all architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
- since the above nothing came up, the project itself is active and vital IMHO
=> https://www.openhub.net/p/gpsd
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https://usn.ubuntu.com/1820-1/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https://bugs.launchpad.net/ubuntu/+source/gpsd
=> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate. |
FYI: We want to only seed the two binary packages:
- gpsd
- libgpsd23
But none of the others (further bindings, tools, ...)
They will stay "only" a suggest from Chrony, so the seeding will pull them into Main.
Availability: GPSD is available since quite a while and builds for all architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
- since the above nothing came up, the project itself is active and vital IMHO
=> https://www.openhub.net/p/gpsd
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https://usn.ubuntu.com/1820-1/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https://bugs.launchpad.net/ubuntu/+source/gpsd
=> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate. |
|
| 2018-10-23 15:29:25 |
Christian Ehrhardt |
description |
FYI: We want to only seed the two binary packages:
- gpsd
- libgpsd23
But none of the others (further bindings, tools, ...)
They will stay "only" a suggest from Chrony, so the seeding will pull them into Main.
Availability: GPSD is available since quite a while and builds for all architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
- since the above nothing came up, the project itself is active and vital IMHO
=> https://www.openhub.net/p/gpsd
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https://usn.ubuntu.com/1820-1/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https://bugs.launchpad.net/ubuntu/+source/gpsd
=> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate. |
FYI: We want to only seed the two binary packages:
- gpsd
- libgpsd23
But none of the others (further bindings, tools, ...)
They will stay "only" a suggest from Chrony, but we want to add them to the supported seed to reflect their elevated support status.
Availability: GPSD is available since quite a while and builds for all architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=gpsd
- since the above nothing came up, the project itself is active and vital IMHO
=> https://www.openhub.net/p/gpsd
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https://usn.ubuntu.com/1820-1/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https://bugs.launchpad.net/ubuntu/+source/gpsd
=> https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=yes&src=gpsd
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate. |
|
| 2019-01-23 10:17:14 |
Christian Ehrhardt |
gpsd (Ubuntu): status |
Incomplete |
New |
|
| 2019-01-23 10:17:32 |
Christian Ehrhardt |
gpsd (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
MIR approval team (ubuntu-mir) |
|
| 2019-01-24 10:49:22 |
Bernd Zeimetz |
bug |
|
|
added subscriber Eric S. Raymond |
| 2019-06-13 19:31:32 |
Seth Arnold |
attachment added |
|
Coverity results https://bugs.launchpad.net/ubuntu/+source/gpsd/+bug/1790855/+attachment/5270648/+files/coverity.txt |
|
| 2019-10-17 08:44:34 |
Christian Ehrhardt |
gpsd (Ubuntu): assignee |
MIR approval team (ubuntu-mir) |
Ubuntu Security Team (ubuntu-security) |
|
| 2019-11-18 12:10:32 |
Christian Ehrhardt |
gpsd (Ubuntu): status |
New |
Triaged |
|
| 2020-01-10 04:09:00 |
Alex Murray |
cve linked |
|
2004-1388 |
|
| 2020-01-10 04:09:00 |
Alex Murray |
cve linked |
|
2013-2038 |
|
| 2020-01-10 04:09:00 |
Alex Murray |
cve linked |
|
2018-17937 |
|
| 2020-01-10 04:09:40 |
Alex Murray |
attachment added |
|
gpsd-coverity-scan-results https://bugs.launchpad.net/ubuntu/+source/gpsd/+bug/1790855/+attachment/5319032/+files/coverity.txt |
|
| 2020-01-10 04:09:46 |
Alex Murray |
gpsd (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
| 2020-01-10 07:00:00 |
Christian Ehrhardt |
gpsd (Ubuntu): status |
Triaged |
In Progress |
|
| 2020-01-10 07:14:41 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~paelzer/ubuntu-seeds/+git/platform/+merge/377415 |
|
| 2020-01-29 13:24:44 |
Christian Ehrhardt |
gpsd (Ubuntu): status |
In Progress |
Fix Released |
|
| 2020-03-16 11:31:16 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~xnox/ubuntu-seeds/+git/platform/+merge/380718 |
|
| 2020-03-16 11:43:56 |
Christian Ehrhardt |
merge proposal unlinked |
https://code.launchpad.net/~xnox/ubuntu-seeds/+git/platform/+merge/380718 |
|
|
