[MIR] malcontent
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
malcontent (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Noble |
In Progress
|
Undecided
|
Unassigned |
Bug Description
Availability
============
In Universe, builds for all architectures and in sync with Debian.
Rationale
=========
Required for parental control features in GNOME.
Security
========
This will need a Security review.
Quality Assurance
=================
Package is maintained in Debian. No major bugs in Debian or Ubuntu.
UI Standards
============
Contains a graphical tool that follows GNOME UI standards.
Dependencies
============
All in main since we don't aim at promoting the UI library at this point (which is the one that Depends on libflatpak LP: #1812456)
The binary we request to promote are gir1.2-
Standards Compliance
=======
Package uses standards version 4.5.0.
Maintenance
===========
Actively developed upstream https:/
Packages actively maintained in Debian.
Security Checks
===============
No CVEs found in http://
Changed in malcontent (Ubuntu): | |
importance: | Undecided → Medium |
Changed in malcontent (Ubuntu): | |
assignee: | nobody → Dan Streetman (ddstreet) |
Changed in malcontent (Ubuntu): | |
status: | Incomplete → New |
description: | updated |
description: | updated |
Changed in malcontent (Ubuntu): | |
assignee: | nobody → Christian Ehrhardt (paelzer) |
[Summary]
This needs a team bug subscriber; setting back to 'incomplete'
until it has a team bug subscriber.
The 'malcontent-gui' binary package provides a GUI, and may need
further review from a UI perspective.
This does need a security review, so I'll assign ubuntu-security
after the above are addressed.
This is still dependent on libflatpak0 MIR from LP: #1812456
Otherwise, this is an ACK from MIR team.
specific binary packages to be promoted to main: malcontentui- 0 ui-0-0
- gir1.2-malcontent-0
- gir1.2-
- libmalcontent-0-0
- libmalcontent-
- libpam-malcontent
- malcontent
- malcontent-gui
Notes:
Required TODOs:
- some team (probably foundations) must subscribe to package bugs
- malcontent-gui package needs further review as part of UI
- needs security team review
- this does also depend on libflatpack0 MIR from LP: #1812456
[Duplication]
There is no other package in main providing the same functionality.
[Dependencies]
OK:
- other dependencies to MIR due to this:
libflatpak0 is in universe, but also in progress via LP: #1812456
Problems: -0-dev -ui-0-dev
- -dev packages that need exclusion:
libmalcontent
libmalcontent
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
Problems:
- does deal with system authentication (pam)
- does parse data formats
[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
- test suite fails will fail the build upon error.
- translation present
- not a python/go package
Problems:
- does not have a test suite that runs as autopkgtest
- The package does not have a team bug subscriber
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking is in place
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good but short, pkg was added recently
- promoting this does not seem to cause issues for MOTUs
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using
- not go Package
Problems:
- the current release is packaged
the latest upstream release is 0.9.0 while Debian/Ubuntu have 0.8.0
however, 0.9.0 is from only 2 weeks ago
[Upstream red flags]
OK:
- no Errors/warnings during the build (except minor annotation warnings)
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
Problems:
- 'malcontent-gui' package is part of the UI, needs extra checks