| 2025-04-10 19:12:04 |
Renan Rodrigo |
description |
This will be needed for qq.
[Availability]
The package ruby-rack-session is proposed to land in Ubuntu universe - it was introduced in plucky, but did not migrate as it build-depends on ruby-rack (>= 3.0.0~), which is not available yet.
The package ruby-rack-session builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 (all)
Link to package: https://launchpad.net/ubuntu/+source/ruby-rack-session
[Rationale]
ruby-rack-session used to be part of ruby-rack, but was separated in version 3 and declared as a Recommands. That can be seen in the upstream README (https://github.com/rack/rack-session) and in the ruby-rack changelog (https://tracker.debian.org/media/packages/r/ruby-rack/changelog-3.1.12-1)
ruby-rack (3.0.0-1) experimental; urgency=medium
(...)
* d/control: recommend ruby-rack-session and ruby-rackup.
(...)
On plucky, ruby-rack stays in version 2, but we want version 3 in qq, and that would cause a component mismatch.
An alternative could be turning this Recommends into a Suggests, but version 4 of ruby-sinatra (currently in -proposed, not landing on plucky, but landing on qq) have ruby-rack-session as a dependency, causing a component-mismatch in -proposed.
The package ruby-rack-session is required in Ubuntu main for these scenarios, to solve the component mismatches generated by the dependency. It should first land in the qq release, together with ruby-rack v3.
This MIR is similar to https://bugs.launchpad.net/ubuntu/+source/ruby3.3/+bug/1556608 and https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497, in the sense that the code itself was already in main, as part of ruby-rack, and was separated into a specific gem now.
[Security]
Checked all suggested links, no CVEs/security issues in this software in the past.
I'm no security expert, but there are some points I could verify:
- no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin` (gem is a library)
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have any long-term & critical open bugs:
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-rack-session
- Upstream https://github.com/rack/rack-session/issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
The package runs a test suite on build time, if it fails it makes the build fail
link to build log: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz
autopkgtests-wise, debian/control has
Testsuite: autopkgtest-pkg-ruby
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
-`lintian --pedantic` has no output and returns 0
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/ruby-rack-session/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- I Suggest the owning team to be Ubuntu Server (not yet subscribed)
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built within the last 3 months in the archive
- Build link on launchpad: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz
[Background information]
- The Package description explains the package well
- Upstream Name is rack-session
- Link to upstream project: https://github.com/rack/rack-session |
This will be needed for qq.I am preemptively opening the bug to speed up process when the package lands in universe.
[Availability]
The package ruby-rack-session is proposed to land in Ubuntu universe - it was introduced in plucky, but did not migrate as it build-depends on ruby-rack (>= 3.0.0~), which is not available yet.
The package ruby-rack-session builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 (all)
Link to package: https://launchpad.net/ubuntu/+source/ruby-rack-session
[Rationale]
ruby-rack-session used to be part of ruby-rack, but was separated in version 3 and declared as a Recommands. That can be seen in the upstream README (https://github.com/rack/rack-session) and in the ruby-rack changelog (https://tracker.debian.org/media/packages/r/ruby-rack/changelog-3.1.12-1)
ruby-rack (3.0.0-1) experimental; urgency=medium
(...)
* d/control: recommend ruby-rack-session and ruby-rackup.
(...)
On plucky, ruby-rack stays in version 2, but we want version 3 in qq, and that would cause a component mismatch.
An alternative could be turning this Recommends into a Suggests, but version 4 of ruby-sinatra (currently in -proposed, not landing on plucky, but landing on qq) have ruby-rack-session as a dependency, causing a component-mismatch in -proposed.
The package ruby-rack-session is required in Ubuntu main for these scenarios, to solve the component mismatches generated by the dependency. It should first land in the qq release, together with ruby-rack v3.
This MIR is similar to https://bugs.launchpad.net/ubuntu/+source/ruby3.3/+bug/1556608 and https://bugs.launchpad.net/ubuntu/+source/ruby-base64/+bug/2095497, in the sense that the code itself was already in main, as part of ruby-rack, and was separated into a specific gem now.
[Security]
Checked all suggested links, no CVEs/security issues in this software in the past.
I'm no security expert, but there are some points I could verify:
- no `suid` or `sgid` binaries, no executables in `/sbin` and `/usr/sbin` (gem is a library)
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
[Quality assurance - function/usage]
The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
not have any long-term & critical open bugs:
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/ruby-rack-session/+bug
- Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=ruby-rack-session
- Upstream https://github.com/rack/rack-session/issues
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
The package runs a test suite on build time, if it fails it makes the build fail
link to build log: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz
autopkgtests-wise, debian/control has
Testsuite: autopkgtest-pkg-ruby
[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
-`lintian --pedantic` has no output and returns 0
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- The package will not be installed by default
- Packaging and build is easy: https://git.launchpad.net/ubuntu/+source/ruby-rack-session/tree/debian/rules
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- I Suggest the owning team to be Ubuntu Server (not yet subscribed)
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has been built within the last 3 months in the archive
- Build link on launchpad: https://launchpadlibrarian.net/780899763/buildlog_ubuntu-plucky-amd64.ruby-rack-session_2.1.0-1_BUILDING.txt.gz
[Background information]
- The Package description explains the package well
- Upstream Name is rack-session
- Link to upstream project: https://github.com/rack/rack-session |
|
