[Summary]
Alternative D-Bus implementation for Python applications.
MIR team -1 due to duplication of function; if we could switch over all reverse-depends in main this switch would be re-considered.
I've asked the Ubuntu OpenStack team to review use of python3-keyring to see if we can remove 3/4 of the reverse-depends that hold keyring in main - launchpadlib seems to be a potential blocker.
Would require security team review due to integration with D-Bus.
[Duplication]
Pure Python DBus implementation, fulfilling the same function as dbus-python.
python-secretstorage has migrated to jeepney, however there are a large number of other packages that still depend on python3-dbus:
I suspect its unlikely that these will all migrate during the Focal timeframe so including this package into main would duplicate functionality.
[Embedded sources and static linking]
- no embedded source present
- no static linking
[Security]
- no history of CVEs
- does not use webkit1,2
- does not use lib*v8 directly
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not run a daemon as root
- does not open a port
But it has quite some security sensitive elements:
- does not parse data formats
- integrates with D-Bus
- access to all data passed in between
Will require security team review.
[Common blockers]
- does not currently FTBFS
- no translation present, but none needed
- no python2
- has autopkgtests
- lacks a team bug subscriber
[Packaging red flags]
- In sync with debian
- symbols tracking not applicable for this code.
- d/watch is present and works
- Upstream update history is good
- Limited Debian/Ubuntu history (new for focal)
- the current release is packaged
- no MOTU problem
- no Lintian warnings
- d/rules nice and clean
- not using Built-Using
- no golang package for extra considerations about that
[Upstream red flags]
- no errors during the build
- no incautious use of malloc/sprintf (N/A)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no significant open bug reports upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks
[Summary]
Alternative D-Bus implementation for Python applications.
MIR team -1 due to duplication of function; if we could switch over all reverse-depends in main this switch would be re-considered.
I've asked the Ubuntu OpenStack team to review use of python3-keyring to see if we can remove 3/4 of the reverse-depends that hold keyring in main - launchpadlib seems to be a potential blocker.
Would require security team review due to integration with D-Bus.
[Duplication]
Pure Python DBus implementation, fulfilling the same function as dbus-python.
python- secretstorage has migrated to jeepney, however there are a large number of other packages that still depend on python3-dbus:
$ reverse-depends -c main python3-dbus selector- common secretstorage properties- common config- printer config- printer- common config- printer- udev [amd64 arm64 armhf ppc64el s390x] frontend- gtk [amd64 arm64 armhf ppc64el] release- upgrader- gtk system- service notifier- common
Reverse-Depends
* hplip [amd64 arm64 armhf ppc64el s390x]
* language-
* networkd-dispatcher
* python3-aptdaemon
* python3-cupshelpers
* python3-dbus-dbg
* python3-
* software-
* system-
* system-
* system-
* ubiquity-
* ubuntu-
* ubuntu-
* unattended-upgrades
* update-manager
* update-notifier [amd64 arm64 armhf ppc64el s390x]
* update-
* usb-creator-common [amd64]
* usb-creator-gtk [amd64]
I suspect its unlikely that these will all migrate during the Focal timeframe so including this package into main would duplicate functionality.
[Embedded sources and static linking]
- no embedded source present
- no static linking
[Security]
- no history of CVEs
- does not use webkit1,2
- does not use lib*v8 directly
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not run a daemon as root
- does not open a port
But it has quite some security sensitive elements:
- does not parse data formats
- integrates with D-Bus
- access to all data passed in between
Will require security team review.
[Common blockers]
- does not currently FTBFS
- no translation present, but none needed
- no python2
- has autopkgtests
- lacks a team bug subscriber
[Packaging red flags]
- In sync with debian
- symbols tracking not applicable for this code.
- d/watch is present and works
- Upstream update history is good
- Limited Debian/Ubuntu history (new for focal)
- the current release is packaged
- no MOTU problem
- no Lintian warnings
- d/rules nice and clean
- not using Built-Using
- no golang package for extra considerations about that
[Upstream red flags]
- no errors during the build
- no incautious use of malloc/sprintf (N/A)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no significant open bug reports upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks