[MIR] rsyslog

Approved -- this is the default syslog in Debian.

Promoted. Please change seeds accordingly, so that it will stay in main.

But its dependency librelp still needs to be approved for main -- bug 388606. So I don't think I can safely change the seeds yet. I didn't make it clear enough that librelp was waiting, sorry.

librelp promoted and seeds changed now.

We would like to retroactively promote rsyslog-gnutls, a binary package built from src:rsyslog (subject of this completed MIR), into main.

rsyslog-gnutls provides a gnutls plugin which allows rsyslog to encrypt the data it sends to log servers. We believe this is a common scenario, and very much needed for compliance nowadays, and this package should be in main because of that.

rsyslog-gnutls was already part of this MIR, but was left in universe because nothing pulled it into main (dependency or seed change).

I didn't see any comments here in the bug, or in the MIR report (https://wiki.ubuntu.com/MainInclusionReport/rsyslog), that would be specific about rsyslog-gnutls and why it should not be promoted. There was just a list of dependencies, and they were ok for main inclusion, and remain so to this date:

bionic: 8.32.0-1ubuntu4
Depends: libc6 (>= 2.14), libgnutls30 (>= 3.5.6), rsyslog (= 8.32.0-1ubuntu4)
Suggests: gnutls-bin

Depends are all in main, and Suggests is in universe, which is ok.

focal: 8.2001.0-1ubuntu1.1
Depends: libc6 (>= 2.14), libgnutls30 (>= 3.6.12), rsyslog (= 8.2001.0-1ubuntu1.1)
Suggests: gnutls-bin

Same deps.

groovy: 8.2006.0-2ubuntu1
Depends: libc6 (>= 2.14), libgnutls30 (>= 3.6.12), rsyslog (= 8.2006.0-2ubuntu1)
Suggests: gnutls-bin

Same deps.

Hirsute: 8.2102.0-2ubuntu1
Depends: libc6 (>= 2.33), libgnutls30 (>= 3.7.0), rsyslog (= 8.2102.0-2ubuntu1)
Suggests: gnutls-bin

Same deps.

List of rsyslog CVEs in the Ubuntu CVE tracker: https://ubuntu.com/security/cve?q=&package=rsyslog&priority=&version=&status=
None are related to encryption support.

Thanks for the pre-checks Andreas,
- with my MIR-Team-hat I agree that it does not need a new re-evaluation for this.
- with my Server-Team-hat I have prepared a seed change for Hirsute to implement it.
  => https://code.launchpad.net/~paelzer/ubuntu-seeds/+git/platform/+merge/400101

Once we have agreed and completed it there we can discuss if/how-far back (in terms of releases) we want to apply the change.
Maybe you could join standup today to have a talk about the case with the Team?

$ change-override -s hirsute -c main rsyslog-gnutls
Override component to main
rsyslog-gnutls 8.2102.0-2ubuntu1 in hirsute amd64: universe/admin/extra/100% -> main
rsyslog-gnutls 8.2102.0-2ubuntu1 in hirsute arm64: universe/admin/extra/100% -> main
rsyslog-gnutls 8.2102.0-2ubuntu1 in hirsute armhf: universe/admin/extra/100% -> main
rsyslog-gnutls 8.2102.0-2ubuntu1 in hirsute ppc64el: universe/admin/extra/100% -> main
rsyslog-gnutls 8.2102.0-2ubuntu1 in hirsute riscv64: universe/admin/extra/100% -> main
rsyslog-gnutls 8.2102.0-2ubuntu1 in hirsute s390x: universe/admin/extra/100% -> main
Override [y|N]? y
6 publications overridden.

I'll provide MPs for bionic, focal and groovy to change the seeds to pull rsyslog-gnutls into main, as discussed in #ubuntu-meeting with Foundations today, and then ping an archive admin.

Meeting minutes: https://new.ubottu.com/meetingology/logs/ubuntu-meeting/2021/ubuntu-meeting.2021-03-25-15.00.moin.txt

Ack by the Ubuntu Security team to move rsyslog-gnutls to main, both for hirsute, and for bionic, focal, and groovy. Thanks!

Given Christian's comments in comment #6, and the fact that the seed changes were done, I'm going to mark the tasks for the stable releases as "fix committed"

Actually, Christian didn't explicitly ack the stable releases in that comment (but he did in the MPs I raised for the seed changes). I'll ask him tomorrow to flip the statuses.

Yeah, that should be ok we have the buy in from everyone involved that it is fine to promote in past releases.