[MIR] libio-prompt-tiny-perl
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libdata-validate-ip-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libdata-validate-uri-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libio-prompt-tiny-perl (Ubuntu) |
Fix Released
|
Undecided
|
Simon Chopin | ||
libmath-base85-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libnet-ipv6addr-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libnet-netmask-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libsyntax-keyword-try-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
libxs-parse-keyword-perl (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
[Availability]
The package libio-prompt-
The package libio-prompt-
It currently builds and works for architectures: all
Link to package [[https:/
[Rationale]
- The package libio-prompt-
- The package libio-prompt-
our user base, but is important/helpful still because lintian is an essential part
of the packaging toolkit
- The package libio-prompt-
we already support
[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is well maintained in Debian/Ubuntu, as part of the Debian Perl team. It does not have *any* bug open, either in Debian nor in Ubuntu. Upstream is fairly inactive, with last release in 2015
- Ubuntu https:/
- Debian https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
it makes the build fail, link to build log https:/
It should be noted that since by essence the code deals with interactive terminals, a fair share of the tests are skipped during the builds.
- The package runs the autodep8-perl autopkgtests, which includes running the
unit test suite, and is currently passing on all architectures:
https:/
[Quality assurance - packaging]
- debian/watch is present and works
- This package does not yield massive lintian Warnings, Errors, except for outdated standards
and Vcs-* fields (fixed in Salsa but not uploaded)
- Link to the Debian lintian report: https:/
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy, link to d/rules https:/
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be Foundations
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
[Background information]
The Package description explains the package well!
Upstream Name is David Golden <email address hidden>
Upstream project: https:/
Changed in libio-prompt-tiny-perl (Ubuntu): | |
status: | Incomplete → New |
Changed in libio-prompt-tiny-perl (Ubuntu): | |
status: | New → Incomplete |
description: | updated |
Changed in libio-prompt-tiny-perl (Ubuntu): | |
status: | Incomplete → Confirmed |
Changed in libio-prompt-tiny-perl (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
Changed in libio-prompt-tiny-perl (Ubuntu): | |
assignee: | Lukas Märdian (slyon) → Simon Chopin (schopin) |
Review for Package: libio-prompt- tiny-perl
[Summary]
MIR team ACK under the constraint to resolve the below listed
required TODOs.
This does not need a security review
List of specific binary packages to be promoted to main: libio-prompt- tiny-perl
Required TODOs: tiny-perl
- Try if lintian could be switched to use libio-prompter-perl without causing
more maintenance effort for that delta than what we gain by avoiding another
pkg in main. Not worth a Delta, but maybe Debian is open to take that chance.
If the outcome of that check is that maintaining libio-prompt-
seems easier (not now, also in the long run) then state that and we can
promote it.
Setting this to incomplete and back to Lukas until that check was done.
[Duplication]
There is the much more powerful and complex libio-prompt-perl, but that isn't
in main either, so no need to consider switching to it instead.
But there also is src:libio- prompter- perl which still does very much the same. /metacpan. org/dist/ IO-Prompt- Tiny to /metacpan. org/pod/ IO::Prompter indicates that the one already in main
Comparing https:/
https:/
is a superset to what is requested.
If this would be a complex package the answer would be easy, "Nack please tiny-perl really is small and tiny (to be
use the one already in main".
But on the other hand libio-prompt-
less capable and thereby less complex than the other prompt modules is the
main design point).
Chances are that maintaining a Delta is more effort than maintaining this
package on top. But if you could get the change into upstream/Debian lintian
then using libio-prompter-perl seems to be the better option.
I'll set a required todo to explore the option to switch lintian to it.
If it is feasible please do so, otherwise continue with this MIR.
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
more tests now.
Problems: None
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries
- not a go package, no extra constraints to consider in that regard
Problems: None
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port/socket
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)
Problems:
- does parse data formats, but not much
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite fails will fail the build upon error.
- does have a non-trivial test suite that runs as autopkgtest
- no new python2 dependency
Problems: None
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok (if needed, e.g. non-native)
- Upstream&Debian update history is ok, but too new ...