[Bug 2110879] [NEW] [MIR] coreutils-from

Julian Andres Klode 2110879 at bugs.launchpad.net
Thu May 15 08:23:20 UTC 2025 

Public bug reported:

The source package and coreutils binary already ended up in main as
coreutils binary used to be in main but moved packages, but for sake of
process let's do an MIR.

[Availability]
The package coreutils-from is already in Ubuntu universe.
The package coreutils-from build for the architectures it is designed to work on.
Link to package https://launchpad.net/ubuntu/+source/coreutils-from

[Rationale]
The package coreutils-from is required in Ubuntu main for enabling the
switch to rust-coreutils as per https://discourse.ubuntu.com/t/carefully-but-purposefully-oxidising-ubuntu/56995/7

It's a set of symlink farms, facilitating switching between providers.
For the purpose of this MIR, we want to consider the gnu-coreutils one,
well the mechanism for switching, the rust-coreutils we will do in the
rust-coreutils MIR.

[Security]
- No CVEs/security issues in this software in the past
- Binaries are no problem because they are symbolic links to separately
  reviewed coreutils providers.
- Package does not install services, timers or recurring jobs

- This is just symlink farms, so we don't have much security to keep in
  mind, the features are needed in the actual providers.

  For rust-coreutils we need to sort out the story of the multi-call
  binary vs AppArmor path-based profiles, but we'll leave that discussion
  to the rust-coreutils MIR.

[Quality assurance - function/usage]
- The package works well right after install

[Quality assurance - maintenance]
It is just symlink farms.

[Quality assurance - testing]
The `coreutils` packages upstream test suite continues running, coreutils
are used everywhere, so bugs are easily noticed - for the default provider
anyway.

Once we enable coreutils-from-uutils as the default, we also need to
continue running the GNU test suite against the GNU tools specifically.

- The package does not run a test at build time because it's just a symlink farm;
  the actual providers run their test suites.
- The package does not run an autopkgtest because the actual code providers run test suites
- The package does have not failing autopkgtests right now

[Quality assurance - packaging]
- debian/watch is not present because it is a native package
- debian/control defines a correct Maintainer field
- Lintian overrides are present, but ok because they are only in the
  variants we don't want to MIR.

- The package will be installed by default, but does not ask debconf
   questions
- Packaging and build is easy:
   https://git.launchpad.net/~juliank/+git/coreutils-from/tree/debian?h=main

[UI standards]
These are questions for the actual implementations.

[Dependencies]
The default dependency is to the gnu-coreutils right now, we want that to
migrate, then switch to rust-coreutils, we'll then MIR that.

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- The owning team will be foundations-bugs and I have their acknowledgement for
  that commitment
- This does not use static builds
- This does not use vendored code
- The package is new :D

[Background information]
https://discourse.ubuntu.com/t/carefully-but-purposefully-oxidising-ubuntu/56995/7
https://discourse.ubuntu.com/t/migration-to-rust-coreutils-in-25-10/59708

** Affects: coreutils-from (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to coreutils-from in Ubuntu.
https://bugs.launchpad.net/bugs/2110879

Title:
  [MIR] coreutils-from

Status in coreutils-from package in Ubuntu:
  New

Bug description:
  The source package and coreutils binary already ended up in main as
  coreutils binary used to be in main but moved packages, but for sake
  of process let's do an MIR.

  [Availability]
  The package coreutils-from is already in Ubuntu universe.
  The package coreutils-from build for the architectures it is designed to work on.
  Link to package https://launchpad.net/ubuntu/+source/coreutils-from

  [Rationale]
  The package coreutils-from is required in Ubuntu main for enabling the
  switch to rust-coreutils as per https://discourse.ubuntu.com/t/carefully-but-purposefully-oxidising-ubuntu/56995/7

  It's a set of symlink farms, facilitating switching between providers.
  For the purpose of this MIR, we want to consider the gnu-coreutils one,
  well the mechanism for switching, the rust-coreutils we will do in the
  rust-coreutils MIR.

  [Security]
  - No CVEs/security issues in this software in the past
  - Binaries are no problem because they are symbolic links to separately
    reviewed coreutils providers.
  - Package does not install services, timers or recurring jobs

  - This is just symlink farms, so we don't have much security to keep in
    mind, the features are needed in the actual providers.

    For rust-coreutils we need to sort out the story of the multi-call
    binary vs AppArmor path-based profiles, but we'll leave that discussion
    to the rust-coreutils MIR.

  [Quality assurance - function/usage]
  - The package works well right after install

  [Quality assurance - maintenance]
  It is just symlink farms.

  [Quality assurance - testing]
  The `coreutils` packages upstream test suite continues running, coreutils
  are used everywhere, so bugs are easily noticed - for the default provider
  anyway.

  Once we enable coreutils-from-uutils as the default, we also need to
  continue running the GNU test suite against the GNU tools specifically.

  - The package does not run a test at build time because it's just a symlink farm;
    the actual providers run their test suites.
  - The package does not run an autopkgtest because the actual code providers run test suites
  - The package does have not failing autopkgtests right now

  [Quality assurance - packaging]
  - debian/watch is not present because it is a native package
  - debian/control defines a correct Maintainer field
  - Lintian overrides are present, but ok because they are only in the
    variants we don't want to MIR.

  - The package will be installed by default, but does not ask debconf
     questions
  - Packaging and build is easy:
     https://git.launchpad.net/~juliank/+git/coreutils-from/tree/debian?h=main

  [UI standards]
  These are questions for the actual implementations.

  [Dependencies]
  The default dependency is to the gnu-coreutils right now, we want that to
  migrate, then switch to rust-coreutils, we'll then MIR that.

  [Standards compliance]
  - This package correctly follows FHS and Debian Policy

  [Maintenance/Owner]
  - The owning team will be foundations-bugs and I have their acknowledgement for
    that commitment
  - This does not use static builds
  - This does not use vendored code
  - The package is new :D

  [Background information]
  https://discourse.ubuntu.com/t/carefully-but-purposefully-oxidising-ubuntu/56995/7
  https://discourse.ubuntu.com/t/migration-to-rust-coreutils-in-25-10/59708

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/coreutils-from/+bug/2110879/+subscriptions

More information about the foundations-bugs mailing list