Comment 6 for bug 1543641

James Page (james-page) wrote :

[Summary]
SQLAlchemy-Utils extends SQLAlchemy with various new data types and helpers.

The new data types include JSON and Encrypted types.

SQLAlchemy provides an Object-Relation Mapping Python library.

This does need a security review, so assigning ubuntu-security.

MIR team approval for inclusion in main (pending security review).

Actions:
  python3-intervals required for latest package build - ubuntu-archive
  Update to latest point release (0.36.8) - ubuntu-openstack
  Submit packaging changes back to Debian - ubuntu-openstack

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
 - no other Dependencies to MIR due to this
 - no -dev/-debug/-doc packages that need exclusion

TODO: Problems:

[Embedded sources and static linking]
OK:
 - no embedded source present
 - no static linking

TODO: Problems:

[Security]
OK:
 - history of CVEs does not look concerning
   No history of CVEs

 - does not run a daemon as root
 - does not use webkit1,2
 - does not use lib*v8 directly
 - does not parse data formats
   Lots of data format handling including encryption -
   passing to security team for review.

 - does not open a port
 - does not process arbitrary web content
 - does not use centralized online accounts
 - does not integrate arbitrary javascript into the desktop
 - does not deal with system authentication (e.g. pam, etc.)

[Common blockers]
OK:
 - does not FTBFS currently
   Current upload in Ubuntu blocked due to missing BD (python3-intervals).
   Checking the source this is a build time only requirement and the
   package is in the NEW queue for archive-admin review.

 - does have a test suite that runs at build time
   - test suite failures will fail the build upon error.
   No - package tests are run as autopkgtest due to the requirement
   for MySQL and PostgreSQL databases for testing.

 - does have a test suite that runs as autopkgtest
   Yes - the latest upload has autopkgtests.

 - The package has a team bug subscriber
   ubuntu-openstack

 - no translation present, but none needed for this case.
 - no new python2 dependency
 - Python package that is using dh_python

[Packaging red flags]
OK:
 - Ubuntu does carry a delta, but it is reasonable and maintenance under control
   Recent delta to add autopkgtests - this should be submitted back
   to Debian for consideration for inclusion by the Debian
   package maintainer.

 - symbols tracking not applicable for this kind of code.
 - d/watch is present and looks ok
 - Upstream update history is good
 - Debian/Ubuntu update history is good
 - the current release is packaged
   No - it's a couple of point releases behind (0.36.8)
   This is not a blocker for main inclusion as Ubuntu is
   the same major version.

 - promoting this does not seem to cause issues for MOTUs that so far
   maintained the package
 - no massive Lintian warnings
 - d/rules is rather clean
 - not using Built-Using

Recommendations:
  Update to latest point release (0.36.8)
  Submit packaging changes back to Debian.

[Upstream red flags]
OK:
 - no Errors/warnings during the build
 - no incautious use of malloc/sprintf (as far as I can check it)
 - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
 - no use of user nobody
 - no use of setuid
 - no important open bugs (crashers, etc) in Debian or Ubuntu
 - no dependency on webkit, qtwebkit, seed or libgoa-*
 - no embedded source copies
 - not part of the UI for extra checks