[MIR] mongodb, libv8, snowball, gyp
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gyp (Ubuntu) |
Won't Fix
|
High
|
Unassigned | ||
libv8 (Ubuntu) |
Won't Fix
|
High
|
Unassigned | ||
mongodb (Ubuntu) |
Won't Fix
|
High
|
Unassigned | ||
snowball (Ubuntu) |
Won't Fix
|
High
|
Unassigned |
Bug Description
>> mongodb <<
Availability:
In universe for several releases.
Rationale:
Preferred data storage platform for Ceilometer (core OpenStack project) and a key component juju-core.
Security:
Two security issues, both resolved upstream. native helper security issue only impacts earlier versions of MongoDB - 2.4.x uses libv8 instead of spidermonkey and does not have this function.
QA:
Works out-of-the-box from packaging.
Package ships a test suite (smoke) which is executed on all target platforms.
Generally well maintained in Debian and in Ubuntu (server team).
Issue with OpenSSL license compatibility needs to be resolved (upstream working on this).
Dependencies: All in main aside from libv8, snowball and gyp
Maintenance:
Upstream push out minor point releases for bug fixes (MRE will be applied for).
Packaging generally in good shape aside from static linking of client binaries (being worked on in Debian).
>> libv8 <<
Availability:
In universe for several releases.
Rationale:
Dependency for MongoDB embedded scripting engine.
Security:
Lots of CVE's:
http://
I suspect that alot of these relate to the use of v8 in Chrome. However as this is a core component of chrome, we can reasonably expect Google to be responsive to security issues in the future.
QA:
Package works.
Regression tests executed during package build.
Dependencies:
Use gyp for build system.
Maintenance:
Well maintained in Debian (supports nodejs as well).
>> gyp <<
Availability:
In universe.
Rationale:
Build dependency for libv8
Security:
No CVE's found
QA:
Works from packaging, test suite present but not executed during build.
Dependencies: All in main
Maintenance:
Until recently not that well maintained in Debian; however nodejs maintainer seems to be picking things up now (see version in saucy which refreshed the package considerably).
>> snowball <<
Availability:
In universe.
Rationale:
libstemmer is a build and runtime dependency for mongodb > 2.4
Security:
No CVE's found
QA:
Packaging generally looks good - multi-arched.
Unit test suite executed during package build process.
Dependencies:
All in main.
Maintenance:
Debian and Ubuntu hold a pre-release snapshot; not much activity in the last 18 months.
Background information:
libstemmer provides algorithmic stemmer functions for building natural language search functions.
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Changed in gyp (Ubuntu): | |
milestone: | none → ubuntu-13.08 |
Changed in libv8 (Ubuntu): | |
milestone: | none → ubuntu-13.08 |
Changed in mongodb (Ubuntu): | |
milestone: | none → ubuntu-13.08 |
Changed in snowball (Ubuntu): | |
milestone: | none → ubuntu-13.08 |
Changed in mongodb (Ubuntu): | |
importance: | Undecided → High |
Changed in libv8 (Ubuntu): | |
importance: | Undecided → High |
Changed in gyp (Ubuntu): | |
importance: | Undecided → High |
Changed in snowball (Ubuntu): | |
importance: | Undecided → High |
Changed in mongodb (Ubuntu): | |
milestone: | ubuntu-13.08 → ubuntu-13.09 |
Changed in snowball (Ubuntu): | |
milestone: | ubuntu-13.08 → ubuntu-13.09 |
Changed in gyp (Ubuntu): | |
milestone: | ubuntu-13.08 → ubuntu-13.09 |
Changed in mongodb (Ubuntu): | |
milestone: | ubuntu-13.09 → ubuntu-13.10 |
Changed in snowball (Ubuntu): | |
milestone: | ubuntu-13.09 → ubuntu-13.10 |
Changed in gyp (Ubuntu): | |
milestone: | ubuntu-13.09 → ubuntu-13.10 |
Changed in mongodb (Ubuntu): | |
milestone: | ubuntu-13.10 → saucy-updates |
Changed in snowball (Ubuntu): | |
milestone: | ubuntu-13.10 → saucy-updates |
Changed in gyp (Ubuntu): | |
milestone: | ubuntu-13.10 → saucy-updates |
Changed in mongodb (Ubuntu): | |
status: | Confirmed → Won't Fix |
Changed in snowball (Ubuntu): | |
status: | Confirmed → Won't Fix |
Changed in gyp (Ubuntu): | |
status: | Confirmed → Won't Fix |
Didier, can you look at this set?