2019-05-13 20:39:55 |
Andreas Hasenack |
bug |
|
|
added bug |
2019-05-16 18:29:32 |
Andreas Hasenack |
description |
MIR placeholder |
[Availability]
The package is available in eoan universe (https://launchpad.net/ubuntu/+source/thin-provisioning-tools/0.7.6-2.1ubuntu1) and builds for amd64, arm64, armhf, i386, ppc64el, s390x.
[Rationale]
The package is useful as a Recommends of lvm2, which is in main. See bug #1657646, where confusion arises because it's possible to create thin pools without this package, but not activate them because a binary called thin_check is needed, and that is only available in thin-provisioning-tools. See https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1657646/comments/13 and, for a similar case involving cache pools, https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/1657646/comments/21.
[Security]
There are no CVE hits on mitre.
Query for "site:www.openwall.com/lists/oss-security thin-provisioning-tools" is empty.
Ubuntu CVE tracker is empty. I also searched for "lvm" in main and universe.
No suid executables.
No services are installed.
[Quality assurance]
No debconf questions.
LVM2 tools use the new thin provisioning tools without further configuration.
There are no open Ubuntu bugs.
One very old (2014) open bug in debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749328
Upstream URL seems incorrect in d/control:
https://gitlab.com/debian-lvm/thin-provisioning-tools is a 404 nowadays
New upstream seems to be https://github.com/jthornber/thin-provisioning-tools
I verified the release tarball from Debian and its hash matches the tarball downloaded from the above github repo.
Upstream issues: https://github.com/jthornber/thin-provisioning-tools/issues
Upstream PRs: https://github.com/jthornber/thin-provisioning-tools/pulls
Upstream release cadence: https://github.com/jthornber/thin-provisioning-tools/releases
I don't see critical bugs opened upstream or in debian.
Debian package tracker: https://tracker.debian.org/pkg/thin-provisioning-tools
- packaging could use some love and be updated. Standards is old, no manpage for the specific tool that is provided, url in d/control should be updated
- updates in debian seem frequent enough. Debian just doesn't have the latest 0.8 tree yet, but is up-to-date in the 0.7 one.
Test suite is run at package build time, and there are no DEP8 tests.
There is no d/watch file.
Lintian output confirms the packaging could use some love:
$ lintian -I --pedantic
P: thin-provisioning-tools source: file-contains-trailing-whitespace debian/changelog (line 145)
P: thin-provisioning-tools source: package-uses-old-debhelper-compat-version 10
W: thin-provisioning-tools source: package-needs-versioned-debhelper-build-depends 10
W: thin-provisioning-tools source: useless-autoreconf-build-depends dh-autoreconf
P: thin-provisioning-tools source: no-homepage-field
P: thin-provisioning-tools source: insecure-copyright-format-uri http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
W: thin-provisioning-tools source: ancient-standards-version 3.9.5 (released 2013-10-28) (current is 4.3.0)
I: thin-provisioning-tools source: testsuite-autopkgtest-missing
I: thin-provisioning-tools source: debian-watch-file-is-missing
W: thin-provisioning-tools: manpage-has-errors-from-man usr/share/man/man8/cache_check.8.gz 1: warning: macro '"' not defined
W: thin-provisioning-tools: manpage-has-errors-from-man usr/share/man/man8/cache_dump.8.gz 1: warning: macro '"' not defined
W: thin-provisioning-tools: manpage-has-errors-from-man usr/share/man/man8/cache_metadata_size.8.gz 1: warning: macro '"' not defined
W: thin-provisioning-tools: manpage-has-errors-from-man ... use --no-tag-display-limit to see all (or pipe to a file/program)
I: thin-provisioning-tools: spelling-error-in-manpage usr/share/man/man8/era_dump.8.gz formated formatted
I: thin-provisioning-tools: spelling-error-in-manpage usr/share/man/man8/era_dump.8.gz writeing writing
I: thin-provisioning-tools: spelling-error-in-manpage usr/share/man/man8/thin_dump.8.gz formated formatted
I: thin-provisioning-tools: spelling-error-in-manpage ... use --no-tag-display-limit to see all (or pipe to a file/program)
W: thin-provisioning-tools: binary-without-manpage usr/sbin/pdata_tools
There are two build-dependencies from Universe, but they are used only for the test suite:
libgtest-dev,
google-mock,
I confirmed this by rebuilding the package with DEB_BUILD_OPTIONS=nocheck and removing these build-deps, and the package built fine with the same Depends as the copy from the archive.
No python2 or other deprecated build-deps.
[UI standards]
There is no i18n support.
[Dependencies]
All runtime dependencies are in main. There are build dependencies that are in universe, but these are used for the test suite only.
[Standards compliance]
d/rules is very simple
The packaging overall could use some modernization, see lintian output in an earlier section. Not too hard to update (watch file, d/control updates, standards-version).
File placement in terms of FHS is fine.
[Maintenance]
TBD who will maintain this package.
[Background information]
None at this time. |
|
2019-05-16 18:30:17 |
Andreas Hasenack |
bug |
|
|
added subscriber MIR approval team |
2019-05-17 06:31:31 |
Christian Ehrhardt |
thin-provisioning-tools (Ubuntu): assignee |
Andreas Hasenack (ahasenack) |
Christian Ehrhardt (paelzer) |
|
2019-05-17 06:51:06 |
Christian Ehrhardt |
thin-provisioning-tools (Ubuntu): assignee |
Christian Ehrhardt (paelzer) |
Ubuntu Security Team (ubuntu-security) |
|
2019-06-11 15:34:45 |
Joshua Powers |
bug |
|
|
added subscriber Joshua Powers |
2019-08-24 12:27:00 |
Francis Ginther |
tags |
|
id-5ccc50675baa0c05bc322dce |
|
2019-09-05 23:30:17 |
Steve Beattie |
attachment added |
|
coverity report https://bugs.launchpad.net/ubuntu/+source/thin-provisioning-tools/+bug/1828887/+attachment/5287044/+files/coverity.txt |
|
2019-09-05 23:31:41 |
Steve Beattie |
thin-provisioning-tools (Ubuntu): assignee |
Ubuntu Security Team (ubuntu-security) |
|
|
2019-09-06 05:58:51 |
Christian Ehrhardt |
thin-provisioning-tools (Ubuntu): status |
New |
In Progress |
|
2019-09-10 07:55:09 |
Christian Ehrhardt |
bug |
|
|
added subscriber Christian Ehrhardt |
2019-10-02 16:11:19 |
Matthias Klose |
thin-provisioning-tools (Ubuntu): status |
In Progress |
Fix Released |
|