2024-04-16 08:40:43 |
Alberto Contreras |
bug |
|
|
added bug |
2024-04-16 09:57:10 |
Alberto Contreras |
description |
TODO |
[Availability]
The package python-s3transfer is already in Ubuntu universe.
The package python-s3transfer build for the architectures it is designed to work on.
They build amd64 only (but binary is arch-all)
Link to package https://launchpad.net/ubuntu/+source/python-s3transfer
[Rationale]
The package python-s3transfer is required in Ubuntu main for python-boto3
The package python-s3transfer will not generally be useful for a large part of
our user base, but is important/helpful still because it is required by python-boto3
which is in the MIR process as a dependency of simplestreams.
python-boto3 MIR link: https://bugs.launchpad.net/ubuntu/+source/python-boto3/+bug/2061217
- The package python-s3transfer is required in Ubuntu main through the same scheduled requested for the python-boto3 promotion, since python-boto3 depends on it.
[Security]
- No CVEs/security issues in this software in the past:
(0)https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python-s3transfer
(0)https://security-tracker.debian.org/tracker/source-package/python-s3transfer
(0)https://ubuntu.com/security/cves?q=&package=python-s3transfer&priority=&version=&status=
No `suid` or `sgid` binaries
No executables in `/sbin` and `/usr/sbin`
Package does not install services, timers or recurring jobs
Packages does not open privileged ports (ports < 1024).
Package does not expose any external endpoints
Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
The package works well right after install. It's a python library.
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu (1)https://bugs.launchpad.net/ubuntu/+source/python-s3transfer/+bugs
- Debian (0)https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-s3transfer
- Upstream's bug tracker (24)https://github.com/boto/s3transfer/issues
Looks normal for the age and impact of these libraries
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it is not configured to do so,
the upstream source code contains unit tests
- The package does not run an autopkgtest because they are not configured to do so.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- Lintian does not run as part of the build https://launchpadlibrarian.net/709963913/buildlog_ubuntu-noble-amd64.python-s3transfer_0.10.0-1_BUILDING.txt.gz
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to debian/rules: https://git.launchpad.net/ubuntu/+source/python-s3transfer/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for them
is at:
- python-botocore: https://bugs.launchpad.net/ubuntu/+source/python-botocore/+bug/2061751
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Ubuntu Server and I have their acknowledgement for
that commitment
- The future owning team is already subscribed to the package
- This does not use static builds
- This does not use vendored code
- This package is not rust based
[Background information]
The Package description explains the package well
Upstream Name is s3transfer
Link to upstream project https://github.com/boto/s3transfer |
|
2024-04-16 10:00:25 |
Alberto Contreras |
description |
[Availability]
The package python-s3transfer is already in Ubuntu universe.
The package python-s3transfer build for the architectures it is designed to work on.
They build amd64 only (but binary is arch-all)
Link to package https://launchpad.net/ubuntu/+source/python-s3transfer
[Rationale]
The package python-s3transfer is required in Ubuntu main for python-boto3
The package python-s3transfer will not generally be useful for a large part of
our user base, but is important/helpful still because it is required by python-boto3
which is in the MIR process as a dependency of simplestreams.
python-boto3 MIR link: https://bugs.launchpad.net/ubuntu/+source/python-boto3/+bug/2061217
- The package python-s3transfer is required in Ubuntu main through the same scheduled requested for the python-boto3 promotion, since python-boto3 depends on it.
[Security]
- No CVEs/security issues in this software in the past:
(0)https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python-s3transfer
(0)https://security-tracker.debian.org/tracker/source-package/python-s3transfer
(0)https://ubuntu.com/security/cves?q=&package=python-s3transfer&priority=&version=&status=
No `suid` or `sgid` binaries
No executables in `/sbin` and `/usr/sbin`
Package does not install services, timers or recurring jobs
Packages does not open privileged ports (ports < 1024).
Package does not expose any external endpoints
Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
The package works well right after install. It's a python library.
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu (1)https://bugs.launchpad.net/ubuntu/+source/python-s3transfer/+bugs
- Debian (0)https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-s3transfer
- Upstream's bug tracker (24)https://github.com/boto/s3transfer/issues
Looks normal for the age and impact of these libraries
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it is not configured to do so,
the upstream source code contains unit tests
- The package does not run an autopkgtest because they are not configured to do so.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- Lintian does not run as part of the build https://launchpadlibrarian.net/709963913/buildlog_ubuntu-noble-amd64.python-s3transfer_0.10.0-1_BUILDING.txt.gz
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to debian/rules: https://git.launchpad.net/ubuntu/+source/python-s3transfer/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for them
is at:
- python-botocore: https://bugs.launchpad.net/ubuntu/+source/python-botocore/+bug/2061751
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Ubuntu Server and I have their acknowledgement for
that commitment
- The future owning team is already subscribed to the package
- This does not use static builds
- This does not use vendored code
- This package is not rust based
[Background information]
The Package description explains the package well
Upstream Name is s3transfer
Link to upstream project https://github.com/boto/s3transfer |
[Availability]
The package python-s3transfer is already in Ubuntu universe.
The package python-s3transfer build for the architectures it is designed to work on.
They build amd64 only (but binary is arch-all)
Link to package https://launchpad.net/ubuntu/+source/python-s3transfer
[Rationale]
The package python-s3transfer is required in Ubuntu main for python-boto3
The package python-s3transfer will not generally be useful for a large part of
our user base, but is important/helpful still because it is required by python-boto3
which is in the MIR process as a dependency of simplestreams.
python-boto3 MIR link: https://bugs.launchpad.net/ubuntu/+source/python-boto3/+bug/2061217
- The package python-s3transfer is required in Ubuntu main through the same scheduled requested for the python-boto3 promotion, since python-boto3 depends on it.
[Security]
- No CVEs/security issues in this software in the past:
(0)https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=python-s3transfer
(0)https://security-tracker.debian.org/tracker/source-package/python-s3transfer
(0)https://ubuntu.com/security/cves?q=&package=python-s3transfer&priority=&version=&status=
No `suid` or `sgid` binaries
No executables in `/sbin` and `/usr/sbin`
Package does not install services, timers or recurring jobs
Packages does not open privileged ports (ports < 1024).
Package does not expose any external endpoints
Packages does not contain extensions to security-sensitive software
(filters, scanners, plugins, UI skins, ...)
[Quality assurance - function/usage]
The package works well right after install. It's a python library.
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have too many, long-term & critical, open bugs
- Ubuntu (1)https://bugs.launchpad.net/ubuntu/+source/python-s3transfer/+bugs
- Debian (0)https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-s3transfer
- Upstream's bug tracker (24)https://github.com/boto/s3transfer/issues
Looks normal for the age and impact of these libraries
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because it is not configured to do so,
the upstream source code contains unit tests
- The package does not run an autopkgtest because they are not configured to do so.
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- Lintian does not run as part of the build https://launchpadlibrarian.net/709963913/buildlog_ubuntu-noble-amd64.python-s3transfer_0.10.0-1_BUILDING.txt.gz
- Lintian output attached
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to debian/rules: https://git.launchpad.net/ubuntu/+source/python-s3transfer/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- There are further dependencies that are not yet in main, MIR for them
is at:
- python-botocore: https://bugs.launchpad.net/ubuntu/+source/python-botocore/+bug/2061751
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- The owning team will be Ubuntu Server and I have their acknowledgement for
that commitment
- The future owning team is already subscribed to the package
- This does not use static builds
- This does not use vendored code
- This package is not rust based
[Background information]
The Package description explains the package well
Upstream Name is s3transfer
Link to upstream project https://github.com/boto/s3transfer |
|
2024-04-16 10:04:24 |
Alberto Contreras |
bug |
|
|
added subscriber MIR approval team |
2024-04-16 10:09:48 |
Alberto Contreras |
summary |
[MIR] python-s3transfer as dependency of python-boto3 |
[MIR] python-s3transfer as indirect dependency of simplestreams (simplestreams -> python-boto3 -> python-s3transfer) |
|
2024-04-16 15:00:55 |
Christian Ehrhardt |
python-s3transfer (Ubuntu): assignee |
|
Christian Ehrhardt (paelzer) |
|
2024-04-16 18:58:50 |
Christian Ehrhardt |
python-s3transfer (Ubuntu): assignee |
Christian Ehrhardt (paelzer) |
Ubuntu Security Team (ubuntu-security) |
|
2024-04-17 08:15:57 |
Christian Ehrhardt |
python-s3transfer (Ubuntu): status |
New |
Fix Committed |
|
2024-04-17 18:55:44 |
Mark Esler |
tags |
|
sec-4083 |
|
2024-04-18 06:41:05 |
Christian Ehrhardt |
python-s3transfer (Ubuntu): status |
Fix Committed |
Fix Released |
|