Activity log for bug #1972153

Date Who What changed Old value New value Message
2022-05-09 07:34:27 Didier Roche-Tolomelli bug added bug
2022-05-09 08:25:48 Sebastien Bacher libsoup3 (Ubuntu): assignee Sebastien Bacher (seb128) Jeremy Bicha (jbicha)
2022-05-10 14:41:34 Didier Roche-Tolomelli bug added subscriber MIR approval team
2022-05-18 12:36:00 Jeremy Bícha bug added subscriber Jeremy Bicha
2022-05-18 14:27:53 Didier Roche-Tolomelli libsoup3 (Ubuntu): status Incomplete Fix Released
2022-05-18 14:30:09 Didier Roche-Tolomelli libsoup3 (Ubuntu): status Fix Released Incomplete
2022-05-18 17:58:49 Jeremy Bícha description Needs to be MIR. What doesn’t qualify for immediate promotion (soname bump) is the dep on sysprof which is in universe and needs to be checked (either get it promoted or downgrading the dep) [Availability] Already in Ubuntu universe. Builds and works for all supported architectures including i386 https://launchpad.net/ubuntu/+source/libsoup3 [Rationale] GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44. - gnome-bluetooth3 is a new runtime dependency of package gnome-shell that we already support libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25. [Security] - https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup - https://ubuntu.com/security/cve?package=libsoup2.4 - https://security-tracker.debian.org/tracker/source-package/libsoup2.4 - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs - Package does not open privileged ports (ports < 1024) - debian/rules builds with all standard hardening flags This is a security-sensitive library that allows apps to access data over the Internet. [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu and has not too many   and long term critical bugs open - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3 - Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4 - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3 - Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4 - GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - Runs a test suite on build time, if it fails it makes the build fail, link to build log: https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz - Includes autopkgtests, both a basic superficial test and an installed-tests suite [Quality assurance - packaging] - debian/watch is present and works - Does not yield massive lintian Warnings or Errors - Lintian overrides are not present - Des not rely on obsolete or about to be demoted packages. - Has no python2 or GTK2 dependencies - Does not ask debconf questions - Packaging and build is easy: https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules [UI standards] Skipping [Dependencies] - No dependencies not already in main - libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.) - Team is not yet, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code [Background information] The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10. This is a big and complicated transition. Apps will crash if they are linked against both libraries. Upstream progress tracker: https://gitlab.gnome.org/GNOME/libsoup/-/issues/218 Migration hints: https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html Estimated 29 affected source packages in main (some are libraries so true affected count is higher): https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html
2022-05-18 17:58:51 Jeremy Bícha libsoup3 (Ubuntu): assignee Jeremy Bicha (jbicha)
2022-05-18 19:12:39 Jeremy Bícha libsoup3 (Ubuntu): status Incomplete Confirmed
2022-05-18 20:26:47 Jeremy Bícha description [Availability] Already in Ubuntu universe. Builds and works for all supported architectures including i386 https://launchpad.net/ubuntu/+source/libsoup3 [Rationale] GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44. - gnome-bluetooth3 is a new runtime dependency of package gnome-shell that we already support libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25. [Security] - https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup - https://ubuntu.com/security/cve?package=libsoup2.4 - https://security-tracker.debian.org/tracker/source-package/libsoup2.4 - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs - Package does not open privileged ports (ports < 1024) - debian/rules builds with all standard hardening flags This is a security-sensitive library that allows apps to access data over the Internet. [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu and has not too many   and long term critical bugs open - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3 - Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4 - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3 - Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4 - GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - Runs a test suite on build time, if it fails it makes the build fail, link to build log: https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz - Includes autopkgtests, both a basic superficial test and an installed-tests suite [Quality assurance - packaging] - debian/watch is present and works - Does not yield massive lintian Warnings or Errors - Lintian overrides are not present - Des not rely on obsolete or about to be demoted packages. - Has no python2 or GTK2 dependencies - Does not ask debconf questions - Packaging and build is easy: https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules [UI standards] Skipping [Dependencies] - No dependencies not already in main - libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.) - Team is not yet, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code [Background information] The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10. This is a big and complicated transition. Apps will crash if they are linked against both libraries. Upstream progress tracker: https://gitlab.gnome.org/GNOME/libsoup/-/issues/218 Migration hints: https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html Estimated 29 affected source packages in main (some are libraries so true affected count is higher): https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html [Availability] Already in Ubuntu universe. Builds and works for all supported architectures including i386 https://launchpad.net/ubuntu/+source/libsoup3 [Rationale] GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44. - gnome-bluetooth3 is a new runtime dependency of package gnome-shell that we already support libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25. [Security] - https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup - https://ubuntu.com/security/cve?package=libsoup2.4 - https://security-tracker.debian.org/tracker/source-package/libsoup2.4 - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs - Package does not open privileged ports (ports < 1024) - debian/rules builds with all standard hardening flags This is a security-sensitive library that allows apps to access data over the Internet. [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu and has not too many   and long term critical bugs open - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3 - Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4 - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3 - Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4 - GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - Runs a test suite on build time, if it fails it makes the build fail, link to build log: https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz - Includes autopkgtests, both a basic superficial test and an installed-tests suite [Quality assurance - packaging] - debian/watch is present and works - Does not yield massive lintian Warnings or Errors - Lintian overrides are not present - Des not rely on obsolete or about to be demoted packages. - Has no python2 or GTK2 dependencies - Does not ask debconf questions - Packaging and build is easy: https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules [UI standards] Skipping [Dependencies] - No dependencies not already in main - libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.) - Team is not yet, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code [Background information] The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10. This is a big and complicated transition. Apps will crash if they are linked against both libraries. Upstream progress tracker: https://gitlab.gnome.org/GNOME/libsoup/-/issues/218 Migration hints: https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html Estimated 30 affected source packages in main (some are libraries so true affected count is higher): https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html
2022-05-19 07:18:30 Didier Roche-Tolomelli libsoup3 (Ubuntu): status Confirmed New
2022-05-23 22:06:32 Launchpad Janitor libsoup3 (Ubuntu): status New Confirmed
2022-05-23 22:06:46 amano bug added subscriber amano
2022-05-24 14:38:17 Didier Roche-Tolomelli libsoup3 (Ubuntu): assignee Didier Roche (didrocks)
2022-06-01 09:28:17 Sebastien Bacher bug added subscriber Sebastien Bacher
2022-06-01 15:40:15 Didier Roche-Tolomelli libsoup3 (Ubuntu): status Confirmed Fix Committed
2022-06-01 15:40:18 Didier Roche-Tolomelli libsoup3 (Ubuntu): assignee Didier Roche (didrocks)
2022-06-02 12:33:08 Jeremy Bícha description [Availability] Already in Ubuntu universe. Builds and works for all supported architectures including i386 https://launchpad.net/ubuntu/+source/libsoup3 [Rationale] GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44. - gnome-bluetooth3 is a new runtime dependency of package gnome-shell that we already support libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25. [Security] - https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup - https://ubuntu.com/security/cve?package=libsoup2.4 - https://security-tracker.debian.org/tracker/source-package/libsoup2.4 - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs - Package does not open privileged ports (ports < 1024) - debian/rules builds with all standard hardening flags This is a security-sensitive library that allows apps to access data over the Internet. [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu and has not too many   and long term critical bugs open - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3 - Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4 - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3 - Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4 - GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - Runs a test suite on build time, if it fails it makes the build fail, link to build log: https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz - Includes autopkgtests, both a basic superficial test and an installed-tests suite [Quality assurance - packaging] - debian/watch is present and works - Does not yield massive lintian Warnings or Errors - Lintian overrides are not present - Des not rely on obsolete or about to be demoted packages. - Has no python2 or GTK2 dependencies - Does not ask debconf questions - Packaging and build is easy: https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules [UI standards] Skipping [Dependencies] - No dependencies not already in main - libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.) - Team is not yet, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code [Background information] The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10. This is a big and complicated transition. Apps will crash if they are linked against both libraries. Upstream progress tracker: https://gitlab.gnome.org/GNOME/libsoup/-/issues/218 Migration hints: https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html Estimated 30 affected source packages in main (some are libraries so true affected count is higher): https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html [Availability] Already in Ubuntu universe. Builds and works for all supported architectures including i386 https://launchpad.net/ubuntu/+source/libsoup3 [Rationale] GNOME is switching to libsoup3. This has been delayed a few releases but I suspect it will be more mandatory for GNOME 43 or GNOME 44. - gnome-bluetooth3 is a new runtime dependency of package gnome-shell that we already support libsoup3 is requested in Ubuntu main no longer than August 4 to allow time for reverse dependencies to be switched before 22.10 Feature Freeze August 25. [Security] - https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libsoup - https://ubuntu.com/security/cve?package=libsoup2.4 - https://security-tracker.debian.org/tracker/source-package/libsoup2.4 - no `suid` or `sgid` binaries - no executables in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs - Package does not open privileged ports (ports < 1024) - debian/rules builds with all standard hardening flags This is a security-sensitive library that allows apps to access data over the Internet. [Quality assurance - function/usage] The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu and has not too many   and long term critical bugs open - Ubuntu https://bugs.launchpad.net/ubuntu/+source/libsoup3 - Ubuntu older series https://bugs.launchpad.net/ubuntu/+source/libsoup2.4 - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup3 - Debian older series https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libsoup2.4 - GNOME https://gitlab.gnome.org/GNOME/libsoup/-/issues - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - Runs a test suite on build time, if it fails it makes the build fail, link to build log: https://launchpad.net/ubuntu/+source/libsoup3/3.0.6-1/+build/23589175/+files/buildlog_ubuntu-kinetic-amd64.libsoup3_3.0.6-1_BUILDING.txt.gz - Includes autopkgtests, both a basic superficial test and an installed-tests suite [Quality assurance - packaging] - debian/watch is present and works - Does not yield massive lintian Warnings or Errors - Lintian overrides are not present - Des not rely on obsolete or about to be demoted packages. - Has no python2 or GTK2 dependencies - Does not ask debconf questions - Packaging and build is easy: https://salsa.debian.org/gnome-team/libsoup3/-/blob/debian/master/debian/rules [UI standards] Skipping [Dependencies] - No dependencies not already in main - libsoup-3.0-dev has been added to the Extra-Exclude list to keep its sysprof dependency out of main for now [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - Owning Team will be Ubuntu Desktop (Co-maintained with Debian GNOME team.) - Team is not yet, but will subscribe to the package before promotion - This does not use static builds - This does not use vendored code [Background information] The Ubuntu Desktop Team expects that it will be necessary to keep both libsoup2.4 and libsoup3 in main for Ubuntu 22.10. This is a big and complicated transition. Apps will crash if they are linked against both libraries. Upstream progress tracker: https://gitlab.gnome.org/GNOME/libsoup/-/issues/218 Migration hints: https://libsoup.org/libsoup-3.0/migrating-from-libsoup-2.html Fedora announcement: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/JAQJ5WJQ6U6IZ3BZAZ5AM3VMMQCNOA7G/ https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3.html Estimated 30 affected source packages in main (some are libraries so true affected count is higher): https://people.canonical.com/~ubuntu-archive/transitions/html/libsoup3-main.html
2022-06-03 19:11:58 Sebastien Bacher libsoup3 (Ubuntu): status Fix Committed Fix Released