Activity log for bug #2051850

Date | Who | What changed | Old value | New value | Message
2024-01-31 14:14:42 | Paul Mars | bug | | | added bug
2024-01-31 14:14:49 | Paul Mars | trace-cmd (Ubuntu): status | New | Incomplete |
2024-01-31 14:16:17 | Paul Mars | bug | | | added subscriber MIR approval team
2024-01-31 15:07:50 Paul Mars description [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd build for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain. - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) 
[Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does not have too many, long-term & critical, open bugs - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one. It is currently passing on amd64, arm64, ppc64el, s390x: - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. 
- The package will not be installed by default - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow: - libtraceevent - libtracefs [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else? - This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/ [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd build for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain. - There is no other/better way to solve this that is already in main or should go universe->main instead of this. 
- The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does    not have too many, long-term & critical, open bugs   - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug   - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd   - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one. 
It is currently passing on amd64, arm64, ppc64el, s390x:   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - The package is planned to be installed by default - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow:   - libtraceevent   - libtracefs [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else? 
- This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/
2024-01-31 15:32:43 Paul Mars description [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd build for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain. - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) 
[Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does    not have too many, long-term & critical, open bugs   - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug   - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd   - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one. It is currently passing on amd64, arm64, ppc64el, s390x:   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. 
- The package is planned to be installed by default - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow:   - libtraceevent   - libtracefs [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else? - This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/ [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd build for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain. - There is no other/better way to solve this that is already in main or should go universe->main instead of this. 
- The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does    not have too many, long-term & critical, open bugs   - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug   - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd   - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one. 
It is currently passing on amd64, arm64, ppc64el, s390x:   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - The package is planned to be installed by default, but does not ask debconf questions - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow:   - libtraceevent   - libtracefs [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else? 
- This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/
2024-02-01 08:36:43 Paul Mars description [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd build for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain. - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) 
[Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does    not have too many, long-term & critical, open bugs   - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug   - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd   - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one. It is currently passing on amd64, arm64, ppc64el, s390x:   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. 
- The package is planned to be installed by default, but does not ask debconf questions - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow:   - libtraceevent   - libtracefs [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else? - This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/ [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd build for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain. 
- There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does    not have too many, long-term & critical, open bugs   - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug   - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd   - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one. 
It is currently passing on amd64, arm64, ppc64el, s390x:   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - The package is planned to be installed by default, but does not ask debconf questions - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow:   - https://bugs.launchpad.net/ubuntu/+source/libtraceevent/+bug/2051916   - libtracefs [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else? 
- This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/
2024-02-01 09:43:13 Paul Mars description [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd build for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain. - There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) 
[Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does    not have too many, long-term & critical, open bugs   - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug   - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd   - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one. It is currently passing on amd64, arm64, ppc64el, s390x:   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggest it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. 
- The package is planned to be installed by default, but does not ask debconf questions - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow:   - https://bugs.launchpad.net/ubuntu/+source/libtraceevent/+bug/2051916   - libtracefs [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else? - This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/ [Availability] The package trace-cmd is already in Ubuntu universe (Debian sync) The package trace-cmd builds for the architectures it is designed to work on. It currently builds and works for architectures: amd64, arm64, armhf, ppc64el, riscv64, s390x Link to package https://launchpad.net/ubuntu/+source/trace-cmd [Rationale] - The package trace-cmd is required in Ubuntu main to help improve the experience of performance engineers working with Ubuntu - The package trace-cmd will not generally be useful for a large part of our user base, but is helpful still because it will help enhance application developer experience while trying to find performance gain.
- There is no other/better way to solve this that is already in main or should go universe->main instead of this. - The package trace-cmd is required in Ubuntu main no later than Feb 29 2024 (Feature Freeze) due to the will to have performance/tracing tools in Noble (LTS). [Security] - No CVEs/security issues in this software in the past. But one bug regarding a buffer overflow was found (see LP: #1955129) but not clearly identified as CVE/security bug. - No `suid` or `sgid` binaries - No executable in `/sbin` and `/usr/sbin` - Package does not install services, timers or recurring jobs. - Based on some quick tests, it looks like running trace-cmd is only making sense if run as root. - Package can open privileged ports (ports < 1024) to listen for incoming connections to receive traces. - I did not notice any use of apparmor/seccomp or any feature that could help mitigate an exploitation. - Based on the previous elements, a more in-depth security review might be recommended. - Package does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...) [Quality assurance - function/usage] - The package works well right after install [Quality assurance - maintenance] - The package is maintained well in Debian/Ubuntu/Upstream and does not have too many, long-term & critical, open bugs   - Ubuntu https://bugs.launchpad.net/ubuntu/+source/trace-cmd/+bug   - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=trace-cmd   - Upstream's bug tracker https://bugzilla.kernel.org/buglist.cgi?component=Trace-cmd%2FKernelshark - The package does not deal with exotic hardware we cannot support [Quality assurance - testing] - The package does have a test suite but it is not run at build time. I will submit a patch to do so. - The package runs an autopkgtest, but is a "superficial" one.
It is currently passing on amd64, arm64, ppc64el, s390x:   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/amd64/t/trace-cmd/20240117_073638_c1c31@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/arm64/t/trace-cmd/20240119_054257_84abe@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/ppc64el/t/trace-cmd/20240117_070636_bdbfa@/log.gz   - https://autopkgtest.ubuntu.com/results/autopkgtest-noble/noble/s390x/t/trace-cmd/20240117_070802_84abe@/log.gz - The package does have failing autopkgtests for armhf tests right now, but it seems they always failed. A quick look at the error (Permission denied) suggests it might be fixable. [Quality assurance - packaging] - debian/watch is present and works - debian/control defines a correct Maintainer field - This package does not yield massive lintian Warnings, Errors - Lintian overrides are not present - This package does not rely on obsolete or about to be demoted packages. - The package is planned to be installed by default, but does not ask debconf questions - Packaging and build is easy https://git.launchpad.net/ubuntu/+source/trace-cmd/tree/debian/rules [UI standards] - Application is not end-user facing (does not need translation) [Dependencies] - There are further dependencies that are not yet in main, MIR for them will follow:   - https://bugs.launchpad.net/ubuntu/+source/libtraceevent/+bug/2051916   - https://bugs.launchpad.net/ubuntu/+source/libtracefs/+bug/2051925 [Standards compliance] - This package correctly follows FHS and Debian Policy [Maintenance/Owner] - The owning team will be Foundations and I have their acknowledgement for that commitment - The future owning team is not yet subscribed, but will subscribe to the package before promotion - The current bug subscriber (~chasedouglas) does not seem to be active anymore. Should we replace them by someone else?
- This does not use static builds - This does not use vendored code - The package was test rebuilt in a PPA recently https://launchpadlibrarian.net/712030593/buildlog_ubuntu-noble-amd64.trace-cmd_3.2-1build1_BUILDING.txt.gz [Background information] The Package description explains the package well. Upstream Name is trace-cmd Link to upstream project https://git.kernel.org/pub/scm/utils/trace-cmd/trace-cmd.git/
2024-02-01 10:48:12 Paul Mars trace-cmd (Ubuntu): status Incomplete New
2024-02-02 18:43:14 Sudip Mukherjee bug added subscriber Sudip Mukherjee
2024-02-06 15:41:05 Christian Ehrhardt trace-cmd (Ubuntu): assignee Ioanna Alifieraki (joalif)
2024-02-26 16:08:06 Ioanna Alifieraki trace-cmd (Ubuntu): status New Incomplete
2024-02-26 16:08:09 Ioanna Alifieraki trace-cmd (Ubuntu): assignee Ioanna Alifieraki (joalif)
2024-02-26 16:08:43 Ioanna Alifieraki trace-cmd (Ubuntu): assignee Paul Mars (upils)
2024-02-29 17:25:32 Launchpad Janitor merge proposal linked https://code.launchpad.net/~racb/ubuntu-seeds/+git/platform/+merge/461560
2024-02-29 21:42:13 Mark Esler tags sec-3932
2024-03-19 15:34:22 Lukas Märdian tags sec-3932 rls-nn-incoming sec-3932
2024-03-26 19:59:46 Mark Esler bug added subscriber Mark Esler
2024-04-03 15:30:52 Nick Rosbrook trace-cmd (Ubuntu): assignee Paul Mars (upils) Nick Rosbrook (enr0n)
2024-04-06 14:21:45 Launchpad Janitor trace-cmd (Ubuntu): status Incomplete Fix Released
2024-04-08 13:44:36 Nick Rosbrook trace-cmd (Ubuntu): status Fix Released In Progress
2024-04-08 15:34:28 Lukas Märdian trace-cmd (Ubuntu): status In Progress Incomplete
2024-04-09 12:48:35 Lukas Märdian trace-cmd (Ubuntu): status Incomplete Fix Committed
2024-04-18 05:57:25 Christian Ehrhardt trace-cmd (Ubuntu): status Fix Committed Fix Released
2024-06-16 22:40:34 Launchpad Janitor merge proposal linked https://code.launchpad.net/~mwhudson/ubuntu-seeds/+git/platform/+merge/467562