Comment 1 for bug 1862773

Christian Ehrhardt  (paelzer) wrote :

[Summary]
Other than the known, but sort of accepted, duplication issue, this LGTM.
Following the rules this also needs security review, and for an ack you also
need to add the team subscription.

@Openstack:
- please subscribe to the package and ping back here.
- thanks for improving and going ahead of Debian, but please continue to
  put attention onto the package.

@Security - review needed, but should be small and fast

[Duplication]
There is the duplication issue with python3-prettytable that was already
mentioned in the description.

But the reasoning for the duplication rule is to keep maintenance effort
reasonable, and this one does not seem to increase that a lot.

For now there seems to be no way to do openstack without it, and switching that
to python3-prettytable seems just as impractical as vice versa.

Nevertheless I'd want to ask the Openstack Team, after the current releases
are done, to check how doable a switch to python-tabulate would be for the
remaining rev-deps. It can be (and most likely is) "not doable", but then we
know instead of guessing.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (e.g. pam, etc.)

Problems:
- it does not parse data formats to render them

I'm torn, as this is really minimal, but following the rules there could be
something in here that could be exploited by people manipulating the data.
That way people might breach into a more important program that depends on/uses
python-tabulate.
This is small, so the review should be quick, but I'd ask to do one (better
safe than sorry).

[Common blockers]
OK:
- does not FTBFS currently
- does have a test suite that runs at build time
  - a test suite failure will fail the build.
- no translation present, but none needed for this case (user visible)?
- no new python2 dependency
- used dh_python

Problems:
- does not have a test suite that runs as autopkgtest (probably ok for this, as
  it itself only depends on python3)
- neither ubuntu-openstack nor openstack-ubuntu-packagers is subscribed yet

[Packaging red flags]
OK:
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is sporadic, but you fixed that - thanks
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs
  that so far maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- not using Built-Using

Problems:
- Ubuntu does carry a delta, but it is reasonable and maintenance is under control.
  I mean, thanks for updating and enabling the tests, but just be clear that
  this package therefore seems to rest more on you than usual.
  Please plan to not just update it for promotion, but also regularly later on.

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks