Comment 41 for bug 2003259

@cups-browsed

The review feedback from Didier was

> Required TODOs:
> - There are no package build time tests nor autopkgtests in the package which is a requirement for entering main.

The autopkgtests got added
https://autopkgtest.ubuntu.com/packages/c/cups-browsed

The build was changed to call 'make check' but that was reverted because those tests expect avahi to be active which is not. Till could we skip part of the tests but still run the tests that don't rely on avahi?

> - Remember to subscribe the desktop-packages team as I think it will be the official team owning the packages so that list of criticals bugs can be adressed.

Subscribed

> - The package does install one service, gated with apparmor. However, additional permission on the service would be great.
> See the MIR template on which ones to add like reduced permissions, temp envronment, restricted users/groups...
> Due to this service running as root and as this requires a security review too.

The service didn't need the privilege, it was changed in to use https://launchpad.net/ubuntu/+source/cups-browsed/2.0~b4-0ubuntu1 User=cups-browsed

Security team review was also done and gave a +1

> Recommended TODOs:
> - This package do not ship library or symbol files, however, it has this in debian/rules, which is useless for that package:
> override_dh_makeshlibs:
> dh_makeshlibs -- -c4
> This could be cleaned.

fixed in https://launchpad.net/ubuntu/+source/cups-browsed/2.0~b4-0ubuntu2

> - I suggest that you revisit the lintian override about file permission on the executable, if you look at <https://lintian.debian.org/tags/executable-is-not-world-readable>, there is no security gain by this permission set. It should be 0744 if you don’t want other users to be able to execute it.

fixed in https://launchpad.net/ubuntu/+source/cups-browsed/2.0~b4-0ubuntu2

Till, could you check if there is a set of the tests we could do a build time still? Once that resolved we should be able to promote cups-browsed