[Bug 1862773] Re: [MIR] python-tabulate (dependency of cinder)

Matthias Klose doko at ubuntu.com
Thu Mar 19 15:31:29 UTC 2020 

Override component to main
python-tabulate 0.8.6-0ubuntu2 in focal: universe/misc -> main
python3-tabulate 0.8.6-0ubuntu2 in focal amd64: universe/python/optional/100% -> main
python3-tabulate 0.8.6-0ubuntu2 in focal arm64: universe/python/optional/100% -> main
python3-tabulate 0.8.6-0ubuntu2 in focal armhf: universe/python/optional/100% -> main
python3-tabulate 0.8.6-0ubuntu2 in focal i386: universe/python/optional/100% -> main
python3-tabulate 0.8.6-0ubuntu2 in focal ppc64el: universe/python/optional/100% -> main
python3-tabulate 0.8.6-0ubuntu2 in focal s390x: universe/python/optional/100% -> main
7 publications overridden.


** Changed in: python-tabulate (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-tabulate in Ubuntu.
https://bugs.launchpad.net/bugs/1862773

Title:
  [MIR] python-tabulate (dependency of cinder)

Status in python-tabulate package in Ubuntu:
  Fix Released

Bug description:
  [Availability]
  In universe

  [Rationale]
  Taken from the upstream commit that makes this change:

  PrettyTable is no longer maintained and the last release was in 2013.
  There are starting to be deprecation warnings emitted with newer Python
  releases.

  Various attempts to revive a fork haven't gained much traction. A common
  recommendation is to move away from PrettyTable to tabulate. This
  switches our usage to a close equivalent using that library instead.

  [Security]
  No security history

  https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tabulate

  
  [Quality assurance]
  Package has unit tests which are run as part of the package build.

  [Dependencies]
  All in main

  [Standards compliance]
  OK-ish - simple package but not updated to latest Standards-Version

  [Maintenance]
  Not that well maintained in Debian - last update was an NMU in October 2019 to remove Py2 support.  More recent updates in Ubuntu to bump version and execute unit tests as part of package builld.

  [Background information]
  tabulate provides similar function to prettytable - however not all openstack projects have made the switch and there are other reverse-depends in main for python3-prettytable:

  $ reverse-depends -c main python3-prettytable
  Reverse-Depends
  * ceph-common [amd64 arm64 armhf ppc64el s390x]
  * python3-automaton
  * python3-blazarclient
  * python3-ceilometerclient
  * python3-cinder
  * python3-cinderclient
  * python3-cliff
  * python3-futurist
  * python3-glance
  * python3-glanceclient
  * python3-heatclient
  * python3-magnumclient
  * python3-manilaclient
  * python3-monascaclient
  * python3-nova
  * python3-novaclient
  * python3-oslo.upgradecheck
  * python3-osprofiler
  * python3-seamicroclient
  * python3-senlinclient
  * python3-troveclient

  That said it formats output for python applications so would be
  considered fairly low risk from a security perspective so having two
  similar pkgs in main but be more palatable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-tabulate/+bug/1862773/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list