[Bug 1913321] Re: [MIR] iniparser (dependency of mtd-utils)

Fri Jan 29 19:53:01 UTC 2021

** Description changed:

  [MIR] iniparser (dependency of mtd-utils)
+ 
+ 
+ [Availability]
+ ✓ The package is in universe.
+ 
+ [Rationale]
+ ✓ The package is a new build dependency of a package that we already
+   support (mtd-utils).
+ 
+ [Security]
+ ✓ No CVEs
+ ✓ No openwall
+ ✓ No security relevant binaries
+ - The github has several items of interest - commits not yet in Debian /
+   Ubuntu that address buffer overflows, not-yet-merged fixes for missing
+   null pointer checks/memory leaks, plus more issues filed with typical C
+   code null checks / off by ones.  Could be OK with some updates to
+   address the known issues.
+ 
+ [Quality assurance]
+ ✓ Used package with minimal effort.  Provides a doc package, and the
+   header file for the lib has the same content.  API behaves mostly as
+   expected and was easy to use just based on the header file.
+ ✓ No debconf usage
+ ✓ No long-term usability affecting bugs
+ ✓ No Debian/Ubuntu bugs aside from this MIR
+ - Upstream bugs of interest present, see security section above
+ - Packaging in Debian seems mostly fine, but I noted that back-to-back
+   invocation of dpkg-buildpackage fails.  A `make -C test clean` would
+   resolve this.
+ ✓ No exotic hardware expectations
+ - While a test suite is present, failures in it are not failing the build.
+ ✓ debian/watch file present
+ - lintian --pedantic reports 6 items total, the most severe of which are 2
+   warnings
+ ✓ No reliance on obsolete/pending-demote packages
+ 
+ [Dependencies]
+ ✓ Dependencies are very modest and already in main. (libc6, and
+   libjs-jquery for doc package)
+ 
+ [Standards compliance]
+ ✓ FHS looks good to me.
+ ✓ Outstanding patches - there is a CMake patch, but upstream doesn't want 
+   it.
+   https://github.com/ndevilla/iniparser/blob/master/FAQ-en.md#your-build-system-isnt-portable-let-me-help-you
+ - Recommended item DEB_BUILD_OPTIONS isn't explicitly implemented, all 6
+   options currently listed are potentially relevant.
+   https://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
+ - The standards version is old https://tracker.debian.org/pkg/iniparser ,
+   however v4.3.0 is an appropriate version for the last time the package
+   was uploaded.
+ 
+ [Maintenance]
+ ✓ foundations-bugs subscribed on 
+   https://bugs.launchpad.net/ubuntu/+source/iniparser/+subscriptions
+ ✓ I consider this a "simple" package which should continue to be in sync
+   with Debian
+ 
+ [Background information]
+ ✓ Package description is appropriate
+ ✓ No recent (or ever) renames

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mtd-utils in Ubuntu.
Matching subscriptions: foundations-bugs-with-comments, mtd-utils
https://bugs.launchpad.net/bugs/1913321

Title:
  [MIR] iniparser (dependency of mtd-utils)

Status in iniparser package in Ubuntu:
  Incomplete
Status in mtd-utils package in Ubuntu:
  New
Status in iniparser source package in Hirsute:
  Incomplete
Status in mtd-utils source package in Hirsute:
  New

Bug description:
  [MIR] iniparser (dependency of mtd-utils)

  [Availability]
  ✓ The package is in universe.

  [Rationale]
  ✓ The package is a new build dependency of a package that we already
    support (mtd-utils).

  [Security]
  ✓ No CVEs
  ✓ No openwall
  ✓ No security relevant binaries
  - The github has several items of interest - commits not yet in Debian /
    Ubuntu that address buffer overflows, not-yet-merged fixes for missing
    null pointer checks/memory leaks, plus more issues filed with typical C
    code null checks / off by ones.  Could be OK with some updates to
    address the known issues.

  [Quality assurance]
  ✓ Used package with minimal effort.  Provides a doc package, and the
    header file for the lib has the same content.  API behaves mostly as
    expected and was easy to use just based on the header file.
  ✓ No debconf usage
  ✓ No long-term usability affecting bugs
  ✓ No Debian/Ubuntu bugs aside from this MIR
  - Upstream bugs of interest present, see security section above
  - Packaging in Debian seems mostly fine, but I noted that back-to-back
    invocation of dpkg-buildpackage fails.  A `make -C test clean` would
    resolve this.
  ✓ No exotic hardware expectations
  - While a test suite is present, failures in it are not failing the build.
  ✓ debian/watch file present
  - lintian --pedantic reports 6 items total, the most severe of which are 2
    warnings
  ✓ No reliance on obsolete/pending-demote packages

  [Dependencies]
  ✓ Dependencies are very modest and already in main. (libc6, and
    libjs-jquery for doc package)

  [Standards compliance]
  ✓ FHS looks good to me.
  ✓ Outstanding patches - there is a CMake patch, but upstream doesn't want 
    it.
    https://github.com/ndevilla/iniparser/blob/master/FAQ-en.md#your-build-system-isnt-portable-let-me-help-you
  - Recommended item DEB_BUILD_OPTIONS isn't explicitly implemented, all 6
    options currently listed are potentially relevant.
    https://www.debian.org/doc/debian-policy/ch-source.html#s-debianrules-options
  - The standards version is old https://tracker.debian.org/pkg/iniparser ,
    however v4.3.0 is an appropriate version for the last time the package
    was uploaded.

  [Maintenance]
  ✓ foundations-bugs subscribed on 
    https://bugs.launchpad.net/ubuntu/+source/iniparser/+subscriptions
  ✓ I consider this a "simple" package which should continue to be in sync
    with Debian

  [Background information]
  ✓ Package description is appropriate
  ✓ No recent (or ever) renames

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iniparser/+bug/1913321/+subscriptions