[MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile

Bug #1930111 reported by Stefano Rivera
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cherrypy3 (Ubuntu)
Undecided
Unassigned
jaraco.classes (Ubuntu)
Undecided
Unassigned
jaraco.collections (Ubuntu)
Undecided
Unassigned
jaraco.text (Ubuntu)
Undecided
Unassigned
python-cheroot (Ubuntu)
Undecided
Ubuntu Security Team
python-jaraco.functools (Ubuntu)
Undecided
Unassigned
python-portend (Ubuntu)
Undecided
Unassigned
python-tempora (Ubuntu)
Undecided
Unassigned
zc.lockfile (Ubuntu)
Undecided
Unassigned

Bug Description

[Availability]
All packages are already in universe, and in sync with Debian.
They are all architecture independent.
jaraco.classes, jaraco.collections is new to Debian & Ubuntu (currently only in experimental), and portend and jaraco.functools are relatively new, since 2019
cheroot and zc.lockfile have been in Debian & Ubuntu for many years.

[Rationale]
Dependencies of the new cherrypy3 18.6.0-1 release.

[Security]
No security issues ever reported for any of these libraries.

[Quality assurance]
All the packages are simple Python libraries, no configuration or debconf questions.
No open bugs in Debian or Ubuntu.
jaraco.classes, jaraco.collections, jaraco.functools, jaraco.text, portend, tempora, and zc.lockfiles's test suites are run at build time.
cheroot's test suite is not run at build time, due to missing dependencies in the archive (jaraco.context).
No significant lintian issues, although jaraco.functools, portend, tempora and zc.lockfile could fix some obvious trivial issues.

[Dependencies]
This issue is for a set of dependencies for cherrypy3

[Standards compliance]
Packages are simple python libraries, installed to the correct locations, and lintian clean (except old standards versions, compats, etc.)

[Maintenance]
All packages seem relatively well maintained upstream, and are a few years old at this point.
jaraco.classes, jaraco.collections, jaraco.functools, ported, and tempora have 0 open issues and pull requests, upstream.
chreroot has tens of open issues and pull requests, but the project hasn't stagnated, it just seems to be being actively developed.
zc.lockfile has seen no commits since 2019, but doesn't have issues and PRs piling up.

[Background information]

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

@James - will the openstack team own (and you do the reviews) on these ?

Changed in jaraco.classes (Ubuntu):
assignee: nobody → James Page (james-page)
Revision history for this message
James Page (james-page) wrote :

for reference - ceph-mgr uses cherrypy3 which is what pulls this into main.

Revision history for this message
James Page (james-page) wrote :

jaraco.classes:

[Summary]
Looks OK from my perspective for promotion to main and no security review needed.

+1 from MIR team.

[Duplication]
OK:
- There is no other package in main providing the same functionality.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Changed in jaraco.classes (Ubuntu):
status: New → Fix Committed
Changed in jaraco.collections (Ubuntu):
status: New → Fix Committed
Revision history for this message
James Page (james-page) wrote :

jaraco.collections:

[Summary]
Looks OK from my perspective for promotion to main and no security review needed.

+1 from MIR team.

[Duplication]
OK:
- There is no other package in main providing the same functionality.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Revision history for this message
James Page (james-page) wrote :

jaraco.text

[Summary]
Looks OK from my perspective for promotion to main and no security review needed.

+1 from MIR team.

[Duplication]
OK:
- There is no other package in main providing the same functionality.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Changed in jaraco.text (Ubuntu):
status: New → Fix Committed
Changed in python-jaraco.functools (Ubuntu):
status: New → Fix Committed
Revision history for this message
James Page (james-page) wrote :

python-jaraco.functools

[Summary]
Looks OK from my perspective for promotion to main and no security review needed.

+1 from MIR team.

[Duplication]
OK:
- There is no other package in main providing the same functionality.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Changed in python-portend (Ubuntu):
status: New → Fix Committed
Revision history for this message
James Page (james-page) wrote :

[Summary]
Looks OK from my perspective for promotion to main and no security review needed.

Would be nice to see the most recent upstream release but I don't consider this
a blocker for promotion.

+1 from MIR team.

[Duplication]
OK:
- There is no other package in main providing the same functionality.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is not packaged (2.6 vs 2.7.1)
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

Recommendation:
- Bump package version to most recent upstream release (not a blocker).

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Revision history for this message
James Page (james-page) wrote :

#7 was for python-portend

Revision history for this message
James Page (james-page) wrote :

python-tempora:

[Summary]
Looks OK from my perspective for promotion to main and no security review needed.

Would be nice to see the most recent upstream release but I don't consider this
a blocker for promotion.

+1 from MIR team.

[Duplication]
OK:
- There is no other package in main providing the same functionality.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - test suite fails will fail the build upon error.
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is not packaged (2.1.1 vs 4.0.2)
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

Recommendation:
- Bump package version to most recent upstream release (not a blocker).

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Revision history for this message
James Page (james-page) wrote :

python-cheroot:

[Summary]
This package provides a pure Python HTTP server implementation which is
used as part of CherryPy - as a result it needs a full security review.

The test suite for this package is currently skipped due to missing
dependencies - as this feels like a critical part of CherryPy I'd like
to see this deficiency resolved prior to promotion to Ubuntu main.

[Duplication]
OK:
- There is no other package in main providing the same functionality.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jaraco)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

Blockers:
- test suite present but currently skipped in packaging.

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- current release less one patch release is currently packaged.
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Changed in python-cheroot (Ubuntu):
status: New → Incomplete
Changed in python-tempora (Ubuntu):
status: New → Fix Committed
Changed in jaraco.classes (Ubuntu):
assignee: James Page (james-page) → nobody
Revision history for this message
James Page (james-page) wrote :

$ ./subscribe-to-package.py --user ubuntu-openstack --package jaraco.classes,jaraco.collections,jaraco.text,python-jaraco.functools,python-portend,python-temporaubuntu-openstack is now subscribed to all bugs about jaraco.classes.
ubuntu-openstack is now subscribed to all bugs about jaraco.collections.
ubuntu-openstack is now subscribed to all bugs about jaraco.text.
ubuntu-openstack is now subscribed to all bugs about python-jaraco.functools.
ubuntu-openstack is now subscribed to all bugs about python-portend.
ubuntu-openstack is now subscribed to all bugs about python-tempora.

Changed in zc.lockfile (Ubuntu):
assignee: nobody → James Page (james-page)
Revision history for this message
James Page (james-page) wrote :

zc.lockfile:

[Summary]
Fairly simple python package to support IPC locks under Python3

+1 from MIR team for promotion to main.

[Duplication]
OK:
- There are similar packages in main but this is a fairly trivial python
  module so no issue with some level of duplication.

[Dependencies]
OK:
- All covered on this MIR bug.

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- no history of CVE's (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=zc.lockfile)
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs as autopkgtest
- The package has a team bug subscriber
- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python
- test suite present and executed as part of package build

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Relatively new package so no update history
- the current release is packaged.
- promoting this does not seem to cause issues for MOTUs that so far
  maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- Does not have Built-Using

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu or Upstream
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Changed in zc.lockfile (Ubuntu):
status: New → Fix Committed
assignee: James Page (james-page) → nobody
Revision history for this message
James Page (james-page) wrote :

$ ./subscribe-to-package.py --user ubuntu-openstack --package zc.lockfile
ubuntu-openstack is now subscribed to all bugs about zc.lockfile.

Revision history for this message
James Page (james-page) wrote :

All OK apart from python-cheroot which needs some further work to enable the test suite and will then need security team review.

Changed in python-cheroot (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
assignee: Ubuntu Security Team (ubuntu-security) → nobody
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
jaraco.classes 3.2.1-2 in impish: universe/misc -> main
python3-jaraco.classes 3.2.1-2 in impish amd64: universe/python/optional/100% -> main
python3-jaraco.classes 3.2.1-2 in impish arm64: universe/python/optional/100% -> main
python3-jaraco.classes 3.2.1-2 in impish armhf: universe/python/optional/100% -> main
python3-jaraco.classes 3.2.1-2 in impish i386: universe/python/optional/100% -> main
python3-jaraco.classes 3.2.1-2 in impish ppc64el: universe/python/optional/100% -> main
python3-jaraco.classes 3.2.1-2 in impish riscv64: universe/python/optional/100% -> main
python3-jaraco.classes 3.2.1-2 in impish s390x: universe/python/optional/100% -> main
8 publications overridden.

Changed in jaraco.classes (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
jaraco.collections 3.3.0-1 in impish: universe/misc -> main
python3-jaraco.collections 3.3.0-1 in impish amd64: universe/python/optional/100% -> main
python3-jaraco.collections 3.3.0-1 in impish arm64: universe/python/optional/100% -> main
python3-jaraco.collections 3.3.0-1 in impish armhf: universe/python/optional/100% -> main
python3-jaraco.collections 3.3.0-1 in impish i386: universe/python/optional/100% -> main
python3-jaraco.collections 3.3.0-1 in impish ppc64el: universe/python/optional/100% -> main
python3-jaraco.collections 3.3.0-1 in impish riscv64: universe/python/optional/100% -> main
python3-jaraco.collections 3.3.0-1 in impish s390x: universe/python/optional/100% -> main
8 publications overridden.

Changed in jaraco.collections (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
jaraco.text 3.5.0-2 in impish: universe/misc -> main
python3-jaraco.text 3.5.0-2 in impish amd64: universe/python/optional/100% -> main
python3-jaraco.text 3.5.0-2 in impish arm64: universe/python/optional/100% -> main
python3-jaraco.text 3.5.0-2 in impish armhf: universe/python/optional/100% -> main
python3-jaraco.text 3.5.0-2 in impish i386: universe/python/optional/100% -> main
python3-jaraco.text 3.5.0-2 in impish ppc64el: universe/python/optional/100% -> main
python3-jaraco.text 3.5.0-2 in impish riscv64: universe/python/optional/100% -> main
python3-jaraco.text 3.5.0-2 in impish s390x: universe/python/optional/100% -> main
8 publications overridden.

Changed in jaraco.text (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
python-jaraco.functools 3.0.0-1 in impish: universe/misc -> main
python3-jaraco.functools 3.0.0-1 in impish amd64: universe/python/optional/100% -> main
python3-jaraco.functools 3.0.0-1 in impish arm64: universe/python/optional/100% -> main
python3-jaraco.functools 3.0.0-1 in impish armhf: universe/python/optional/100% -> main
python3-jaraco.functools 3.0.0-1 in impish i386: universe/python/optional/100% -> main
python3-jaraco.functools 3.0.0-1 in impish ppc64el: universe/python/optional/100% -> main
python3-jaraco.functools 3.0.0-1 in impish riscv64: universe/python/optional/100% -> main
python3-jaraco.functools 3.0.0-1 in impish s390x: universe/python/optional/100% -> main
8 publications overridden.

Changed in python-jaraco.functools (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
python-portend 2.6-1 in impish: universe/misc -> main
python3-portend 2.6-1 in impish amd64: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish arm64: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish armhf: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish i386: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish ppc64el: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish riscv64: universe/python/optional/100% -> main
python3-portend 2.6-1 in impish s390x: universe/python/optional/100% -> main
8 publications overridden.

Changed in python-portend (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
python-tempora 2.1.1-1 in impish: universe/misc -> main
python3-tempora 2.1.1-1 in impish amd64: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish arm64: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish armhf: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish i386: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish ppc64el: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish riscv64: universe/python/optional/100% -> main
python3-tempora 2.1.1-1 in impish s390x: universe/python/optional/100% -> main
8 publications overridden.

Changed in python-tempora (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

Override component to main
zc.lockfile 2.0-1 in impish: universe/python -> main
python3-zc.lockfile 2.0-1 in impish amd64: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish arm64: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish armhf: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish i386: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish ppc64el: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish riscv64: universe/python/optional/100% -> main
python3-zc.lockfile 2.0-1 in impish s390x: universe/python/optional/100% -> main
8 publications overridden.

Changed in zc.lockfile (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
James Page (james-page) wrote :

Test suite execution during package build enabled (albeit with some tests disabled due to missing dependencies or requirements for newer versions of pytest modules).

Assigning task for Ubuntu Security team review.

Changed in python-cheroot (Ubuntu):
status: Incomplete → New
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

Adding cherrypy3 task and update-excuse tag so this shows up under the cherrypy3 entry on excuses.

Changed in cherrypy3 (Ubuntu):
status: New → In Progress
tags: added: update-excuse
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers