Comment 5 for bug 1811824

Christian Ehrhardt  (paelzer) wrote :

[Duplication]
No other comparable filtering dbus proxy in the archive (and none in main obviously)

[Embedded sources and static linking]
- no embedded sources
- no golang
- no static linking

[Security]
- no CVEs on top of the reported and fixed CVE-2018-6560
- does not run a daemon as root
- does not use webkit1,2 (in fact only becomes important with webkit2gtk 2.26)
- does not use lib*v8 directly
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop

It does
- parses data formats
- opens a port (not a classic one but on dbus)
- does not process arbitrary web content, but semi arbitrary dbus messages
- does not deal with system authentication (e.g., pam, etc.), but dbus is involved there and due to that it is as well.

This needs a security review, which fortunately already was done.
So we can feel safe on that side.

[Common blockers]
- builds on all arches without FTBFS
- has a (minimal) build time test
- has an autopkgtest
- code/msg isn't really user visible (no translations needed)
- not a python package
- Desktop Packages is subscribed

[Packaging red flags]
- no Ubuntu delta
- no library that is exposed for symbols tracking
- watch file present
- update history seems ok
- current release packaged
- no MOTU conflict
- no massive Lintian warnings
- debian/rules is small and clean
- no Built-Using
- no golang checks needed

[Upstream red flags]
- no warning/errors on build
- no incautious use of malloc/sprintf that came up in checkers
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no known Important bugs (crashers, etc) in Debian or Ubuntu
- no Dependency on webkit, qtwebkit, seed or libgoa-* (but vice versa)
- no Embedded source copies

[Summary]
This package seems fine - ACK for the MIR Team