[Bug 1972866] Re: [MIR] gsasl

Seth Arnold 1972866 at bugs.launchpad.net
Wed Jun 22 20:13:38 UTC 2022 

I'm not well-versed in the excuses page but I didn't see any mutt
results after the new gsasl upload:

https://people.canonical.com/~ubuntu-archive/proposed-
migration/update_excuses.html

Migration status for mutt (2.1.4-1build1 to 2.2.4-1build1): BLOCKED: Rejected/violates migration policy/introduces a regression
Issues preventing migration:
mutt/amd64 in main cannot depend on libgsasl18 in universe 
...


Does this mean that the tests were entirely skipped? it'd be nice to have some confirmation that mutt at least loads with the new, new sasl. :)

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mutt in Ubuntu.
https://bugs.launchpad.net/bugs/1972866

Title:
  [MIR] gsasl

Status in gsasl package in Ubuntu:
  Incomplete
Status in mutt package in Ubuntu:
  New
Status in mutt package in Debian:
  Fix Released

Bug description:
  [Summary]
  * Everything seems in order with this package, but it should
  be reviewed by the security team due to the nature of the package.
  * Build log: https://launchpadlibrarian.net/564514219/buildlog_ubuntu-jammy-amd64.gsasl_1.10.0-5_BUILDING.txt.gz

  [Availability]
  * The package is already available in Ubuntu universe and builds for the required architectures

  [Rationale]
  * mutt (which is in main) used to depend on cyrus-sasl. Due to a
  licensing conflict between mutt and cyrus-sasl, it has been updated
  to use gsasl and drop the dependency on cyrus-sasl. This change
  has been made in Debian. Mutt is used by a large part of our
  user base, so continuing to provide it is important.

  [Security]
  * Package gsasl and associated libraries do not have any
  security red-flags, but should still be reviewed by
  the security team due to the nature of the package (it
  authenticates users to servers)
  * No CVEs/security issues in this software in the past
  * No `suid` or `sgid` binaries
  * No executables in `/sbin` and `/usr/sbin`
  * Package does not install services, timers or recurring jobs
  * Package does not open privileged ports (ports < 1024)

  [Quality assurance - function/usage]
  * The package works well right after install

  [Quality assurance - maintenance]
  * The package is maintained well in Debian/Ubuntu and has not too many
  and long term critical bugs open
  * The package does not deal with exotic hardware we cannot support

  [Quality assurance - testing]
  * The package runs a test suite on build time, if it fails
  it makes the build fail
  * The package runs an autopkgtest, and is currently passing

  [Quality assurance - packaging]
  * debian/watch is present and works
  * debian/control defines a correct Maintainer field
  * This package does not yield massive lintian Warnings, Errors
  * Full output of `lintian --pedantic`:
  ```
  P: gsasl source: update-debian-copyright 2014 vs 2021 [debian/copyright:44]
  P: gsasl source: very-long-line-length-in-source-file configure line 13808 is 704 characters long (>512)
  P: gsasl source: very-long-line-length-in-source-file examples/openid20/README line 92 is 807 characters long (>512)
  P: gsasl source: very-long-line-length-in-source-file examples/saml20/README line 171 is 1396 characters long (>512)
  P: gsasl source: very-long-line-length-in-source-file ... use --no-tag-display-limit to see all (or pipe to a file/program)
  ```
  * Lintian overrides are present, but ok because upstream does
  not provide source-only tarballs
  * This package has no python2 or GTK2 dependencies
  * Packaging and build is easy. d/rules is concise and readable

  [UI standards]
  * Application is end-user facing, Translation is present, via gettext

  [Dependencies]
  * libgsasl-dev depends on a package from src:libntlm. MIR for
  libntlm is here: https://bugs.launchpad.net/ubuntu/+source/libntlm/+bug/1976405

  [Standards compliance]
  * This package correctly follows FHS and Debian Policy

  [Maintenance/Owner]
  * Owning Team will be foundations
  * Team is not yet, but will subscribe to the package before promotion
  * This does not use static builds
  * This does not use vendored code
  * The package successfully built during the most recent test rebuild

  [Background information]
  * The Package description explains the package well
  * Upstream Name is GNU SASL
  * Upstream Link is https://www.gnu.org/software/gsasl/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gsasl/+bug/1972866/+subscriptions

More information about the foundations-bugs mailing list