Comment 8 for bug 1912371

William Wilson (jawn-smith) wrote :

[Summary]
This package is safe to include in main.
This does need a security review, so I'll assign ubuntu-security.
List of specific binary packages to be promoted to main:
  * ftdi-eeprom
  * libftdi1-2
  * libftdi1-dev
  * libftdi1-doc
  * libftdipp1-3
  * libftdipp1-dev
  * python3-ftdi1

[Duplication]
OK: There is no other package in main providing the same functionality.

[Dependencies]
OK: All binary dependencies not in main are built by this package.

[Embedded sources and static linking]
OK: none

[Security]
OK:
- no CVEs
- does not run a daemon
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not use centralized online accounts
- does not integrate arbitrary JavaScript into the desktop
- does not deal with system authentication (e.g., pam, etc.)
Problems:
- Needs review due to the nature of the package
- does parse data formats
- The FTDI devices can be used for many security relevant purposes.
    For example, flashrom makes use of FTDI devices in some cases to flash chips.
    This happens at the highest possible security levels.

[Common blockers]
OK:
- Does not FTBFS
- Added foundations-bugs as a bug subscriber
- no translation needed
- not a python or go package
- has test suites that run at build time and as autopkgtest

[Packaging red flags]
OK:
Upstream update history is slow, but not unreasonably so. A new version was released last July.

[Upstream red flags]
OK: