Comment 2 for bug 1820233

Eduardo Barretto (ebarretto) wrote:

I reviewed zope.component 4.3.0-1 as checked into eoan. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.

Zope is a free and open source web application server written in the
object-oriented programming language “Python”.
zope.component is a framework that provides facilities for defining,
registering and looking up components.

The project hasn't received a commit in the past 8 months, but it is still
maintained and the code is mature.

- No CVE history
- Build-Depends
  - dh-python
  - python-all
  - python-persistent
  - python-setuptools
  - python-zope.configuration
  - python-zope.event
  - python-zope.interface
  - python-zope.proxy
  - python-zope.security
  - python3-all
  - python3-persistent
  - python3-setuptools
  - python3-zope.configuration
  - python3-zope.event
  - python3-zope.interface
  - python3-zope.proxy
  - python3-zope.security
- prerm and postinst added automatically
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- No binaries in PATH
- No sudo fragments
- No udev rules
- Unit tests in src/zope/component/tests/
  - There are lots of tests, some of them also check coverage.
- No cron jobs
- Build logs:
dpkg-scanpackages: warning: Packages in archive but missing from override file:
dpkg-scanpackages: warning: sbuild-build-depends-core-dummy
dpkg-scanpackages: warning: Packages in archive but missing from override file:
dpkg-scanpackages: warning: sbuild-build-depends-core-dummy sbuild-build-depends-zope.component-dummy
dpkg-source: warning: extracting unsigned source package (zope.component_4.3.0-1.dsc)
warning: no previously-included files matching '*.dll' found anywhere in distribution
warning: no previously-included files matching '*.pyc' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
warning: no previously-included files matching '*.dll' found anywhere in distribution
warning: no previously-included files matching '*.pyc' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
warning: no previously-included files matching '*.dll' found anywhere in distribution
warning: no previously-included files matching '*.pyc' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
warning: no previously-included files matching '*.dll' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
warning: no previously-included files matching '*.dll' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
warning: no previously-included files matching '*.dll' found anywhere in distribution
warning: no previously-included files matching '*.pyo' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
warning: no previously-included files matching 'coverage.xml' found anywhere in distribution
dpkg-gencontrol: warning: package python-zope.component: substitution variable ${python:Provides} unused, but is defined
dpkg-gencontrol: warning: package python-zope.component: substitution variable ${python:Versions} unused, but is defined
dpkg-scanpackages: warning: Packages in archive but missing from override file:
dpkg-scanpackages: warning: sbuild-build-depends-core-dummy sbuild-build-depends-lintian-dummy sbuild-build-depends-zope.component-dummy

- No processes spawned (only in tests)
- No memory management
- No file IO
- No logging
- No environment variable usage
- No use of privileged functions
- No use of cryptography
- No use of temp files
- No use of networking
- No use of WebKit
- No use of PolicyKit
- No Coverity issues

Security team ACK for promoting zope.component to main.
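Several of the checklist items in the review above (setuid binaries, binaries in PATH, init scripts, systemd units, dbus services, sudo fragments, udev rules, cron jobs) are properties of what a package installs, so they can be checked mechanically over an unpacked package tree (for example the output of `dpkg-deb -x pkg.deb dir`). The script below is an added illustration of that part of the review and is not part of the bug comment or of the Ubuntu security team's tooling; the directory lists are the conventional locations I chose for each item, not an official list, and the two package trees it scans are constructed in a temporary directory. The code-level items (process spawning, file IO, networking, cryptography) still need a source read and are not covered here.

```python
import stat
import tempfile
from pathlib import Path

# Where a Debian package would ship each kind of file the checklist asks
# about. These are the conventional locations (my selection for this
# example, not a Debian-maintained list), relative to the install root.
CHECKLIST_DIRS = {
    "init scripts": ["etc/init.d"],
    "systemd units": ["lib/systemd/system", "usr/lib/systemd/system",
                      "etc/systemd/system"],
    "dbus services": ["usr/share/dbus-1/system-services",
                      "usr/share/dbus-1/services", "etc/dbus-1/system.d"],
    "binaries in PATH": ["bin", "sbin", "usr/bin", "usr/sbin"],
    "sudo fragments": ["etc/sudoers.d"],
    "udev rules": ["lib/udev/rules.d", "usr/lib/udev/rules.d",
                   "etc/udev/rules.d"],
    "cron jobs": ["etc/cron.d", "etc/cron.hourly", "etc/cron.daily",
                  "etc/cron.weekly", "etc/cron.monthly"],
}


def scan_tree(root):
    """Walk an unpacked package tree; return {check name: [relative paths]}."""
    root = Path(root)
    findings = {name: [] for name in CHECKLIST_DIRS}
    findings["setuid binaries"] = []
    for path in root.rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # setuid/setgid is a mode-bit property, not a location property,
        # so it is checked on every regular file regardless of directory.
        if path.stat().st_mode & (stat.S_ISUID | stat.S_ISGID):
            findings["setuid binaries"].append(rel)
        for name, dirs in CHECKLIST_DIRS.items():
            if any(rel.startswith(d + "/") for d in dirs):
                findings[name].append(rel)
    return {name: sorted(paths) for name, paths in findings.items()}


def report(findings):
    """Render findings as the '- No X' / '- X: ...' lines a reviewer writes."""
    lines = []
    for name in sorted(findings):
        paths = findings[name]
        if paths:
            lines.append("- %s: %s" % (name, ", ".join(paths)))
        else:
            lines.append("- No %s" % name)
    return lines


def _touch(root, rel, mode=0o644):
    """Create a constructed sample file with the given mode."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text("# constructed sample file\n")
    path.chmod(mode)


def build_sample_trees():
    """Two constructed package trees: a pure-Python library (like
    zope.component) that should produce no findings, and a hypothetical
    daemon package that trips several checklist items."""
    base = Path(tempfile.mkdtemp(prefix="mir-scan-"))
    lib = base / "python3-zope.component"
    _touch(lib, "usr/lib/python3/dist-packages/zope/component/__init__.py")
    _touch(lib, "usr/share/doc/python3-zope.component/copyright")
    daemon = base / "example-daemon"          # hypothetical package name
    _touch(daemon, "usr/sbin/exampled", 0o4755)   # setuid and in PATH
    _touch(daemon, "lib/systemd/system/exampled.service")
    _touch(daemon, "etc/cron.d/exampled")
    _touch(daemon, "etc/sudoers.d/exampled", 0o440)
    return lib, daemon


if __name__ == "__main__":
    for tree in build_sample_trees():
        print(tree.name)
        for line in report(scan_tree(tree)):
            print("  " + line)
```

Running the script prints a "- No ..." line for every item on the library tree and lists the offending paths for the daemon tree. Symlinks are skipped deliberately: a link into `/usr/bin` is still worth a reviewer's eye, but its mode bits belong to the target, so it is better listed separately than mis-scored here.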