[MIR] ruby-rack-session
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ruby-rack-session (Ubuntu) |
New
|
Undecided
|
Ioanna Alifieraki | ||
Bug Description
This will be needed for qq.I am preemptively opening the bug to speed up process when the package lands in universe.
[Availability]
The package ruby-rack-session is proposed to land in Ubuntu universe - it was introduced in plucky, but did not migrate as it build-depends on ruby-rack (>= 3.0.0~), which is not available yet.
The package ruby-rack-session builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 (all)
Link to package: https:/
[Rationale]
ruby-rack-session used to be part of ruby-rack, but was separated in version 3 and declared as a Recommands. That can be seen in the upstream README (https:/
ruby-rack (3.0.0-1) experimental; urgency=medium
(...)
* d/control: recommend ruby-rack-session and ruby-rackup.
(...)
On plucky, ruby-rack stays in version 2, but we want version 3 in qq, and that would cause a component mismatch.
An alternative could be turning this Recommends into a Suggests, but version 4 of ruby-sinatra (currently in -proposed, not landing on plucky, but landing on qq) have ruby-rack-session as a dependency, causing a component-mismatch in -proposed.
The package ruby-rack-session is required in Ubuntu main for these scenarios, to solve the component mismatches generated by the dependency. It should first land in the qq release, together with ruby-rack v3.
This MIR is similar to https:/
[Security]
Checked all suggested links, no CVEs/security issues in this software in the past.
I'm no security expert, but there are some points I could verify:
- no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin` (gem is a library)
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/
not have any long-term & critical open bugs:
- Ubuntu https:/
- Debian https:/
- Upstream https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
The package runs a test suite on build time, if it fails it makes the build fail
link to build log: https:/
autopkgtests-wise, debian/control has
Testsuite: autopkgtest-
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
-`lintian --pedantic` has no output and returns 0
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy: https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- I Suggest the owning team to be Ubuntu Server (not yet subscribed)
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built within the last 3 months in the archive
- Build link on launchpad: https:/
[Background information]
- The Package description explains the package well
- Upstream Name is rack-session
- Link to upstream project: https:/
| description: | updated |
| Changed in ruby-rack-session (Ubuntu): | |
| assignee: | nobody → Ioanna Alifieraki (joalif) |
