[MIR] ruby-rack-session

Bug #2106774 reported by Renan Rodrigo
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ruby-rack-session (Ubuntu) | New | Undecided | Ioanna Alifieraki | |

Bug Description

This will be needed for qq. I am preemptively opening the bug to speed up the process when the package lands in universe.

[Availability]
The package ruby-rack-session is proposed to land in Ubuntu universe - it was introduced in plucky, but did not migrate as it build-depends on ruby-rack (>= 3.0.0~), which is not available yet.
The package ruby-rack-session builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 (all)
Link to package: https://launchpad.net/ubuntu/+source/ruby-rack-session

[Rationale]
ruby-rack-session used to be part of ruby-rack, but was separated in version 3 and declared as a Recommends. That can be seen in the upstream README (https://github.com/rack/rack-session) and in the ruby-rack changelog (https://tracker.debian.org/media/packages/r/ruby-rack/changelog-3.1.12-1):

ruby-rack (3.0.0-1) experimental; urgency=medium
  (...)
  * d/control: recommend ruby-rack-session and ruby-rackup.
  (...)

On plucky, ruby-rack stays in version 2, but we want version 3 in qq, and that would cause a component mismatch.

An alternative could be turning this Recommends into a Suggests, but version 4 of ruby-sinatra (currently in -proposed, not landing on plucky, but landing on qq) has ruby-rack-session as a dependency, causing a component-mismatch in -proposed.

The package ruby-rack-session is required in Ubuntu main for these scenarios, to solve the component mismatches generated by the dependency. It should first land in the qq release, together with ruby-rack v3.

This MIR is similar to https://bugs.launchpad.net/ubuntu/+source/ruby3.3/+bug/1556608 and https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497, in the sense that the code itself was already in main, as part of ruby-rack, and was separated into a specific gem now.

[Security]
Checked all suggested links, no CVEs/security issues in this software in the past.

I'm no security expert, but there are some points I could verify:

- no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin` (gem is a library)
- Package does not install services, timers or recurring jobs
- Package does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints

[Quality assurance - function/usage]
The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
  not have any long-term & critical open bugs:
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug
  - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-rack-session
  - Upstream https://github.com/rack/rack-session/issues

- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
The package runs a test suite at build time; if it fails, it makes the build fail.
Link to build log: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz

autopkgtests-wise, debian/control has
Testsuite: autopkgtest-pkg-ruby

[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- `lintian --pedantic` has no output and returns 0
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/ruby-rack-session/tree/debian/rules

[UI standards]
- Application is not end-user facing (does not need translation)

[Dependencies]
- No further depends or recommends dependencies that are not yet in main

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- I suggest the owning team to be Ubuntu Server (not yet subscribed)
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built within the last 3 months in the archive
- Build link on launchpad: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz

[Background information]
- The Package description explains the package well
- Upstream Name is rack-session
- Link to upstream project: https://github.com/rack/rack-session

description: updated
Lukas Märdian (slyon)
Changed in ruby-rack-session (Ubuntu):
assignee: nobody → Ioanna Alifieraki (joalif)