[Bug 2142240] [NEW] [MIR] python-awscurl

Fri Mar 27 09:32:25 UTC 2026

You have been subscribed to a public bug by Guillaume Boutry (gboutry):

[Availability]
The package python-awscurl is already in Ubuntu universe.
The package python-awscurl build for the architectures it is designed to work on.
It currently builds and works for architectures: amd64
Link to package https://launchpad.net/ubuntu/+source/python-awscurl

[Rationale]
There must be a certain level of demand for the package
- The package python-awscurl is required in Ubuntu main as a recently-added runtime requirement for OpenStack Ceilometer. Ceilometer is an important package for users of OpenStack as well as Canonical internal infrastructure. Link to upstream addition: https://opendev.org/openstack/ceilometer/commit/b7c27f7fc90aadd90e7ffd3903de515d3952a252
- The package python-awscurl will not generally be useful for a large part of
  our user base, but is important/helpful still because Ceilometer is an important component of the Ubuntu OpenStack offering and this particular package offers HTTP requests to the AWS API with automatic signing. Note that this package replaces the deprecated request-aws package that was a previous requirement of Ceilometer.
- The package python-awscurl is a new runtime dependency of package ceilometer that we already support
- There is no other/better way to solve this that is already in main or
  should go universe->main instead of this.
- This is the first time package will be in main
- All binary packages built by python-awscurl need to be in main to achieve AWS functionality in OpenStack Ceilometer.
- The package python-awscurl is required in Ubuntu main no later than Resolute Release
  due to the OpenStack Gazpacho release.

[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Security has been kept in mind and common isolation/risk-mitigation
  patterns are in place utilizing the following features:
  This is a CLI client tool that runs as the invoking user with no
  elevated privileges. It does not run as a daemon, does not require
  root, and does not listen on any network interface. AWS credentials
  are handled in-memory only for the duration of request signing and
  follow standard AWS credential sourcing (config file, environment
  variables, botocore/instance roles). TLS certificate verification
  is enabled by default.
- Packages does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
- Packages does not contain extensions to security-sensitive software
  (filters, scanners, plugins, UI skins, ...)

[Quality assurance - function/usage]
- The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
  not have too many, long-term & critical, open bugs
  - Ubuntu https://bugs.launchpad.net/ubuntu/+source/TBDSRC/+bug
  - Debian https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=python-awscurl
  - Upstream's bug tracker, e.g., GitHub Issues: https://github.com/okigan/awscurl/issues
- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
- The package runs a test suite on build time, if it fails
   it makes the build fail, link to build log: https://launchpad.net/ubuntu/+source/python-awscurl/0.36-1/+build/31442678
- The package runs an autopkgtest, and is currently passing on
  this TBD list of architectures, link to test logs: https://autopkgtest.ubuntu.com/packages/python-awscurl
- The package does have not failing autopkgtests right now

[Quality assurance - packaging]
- A mechanism to detect and fetch new upstream versions is present and works
- debian/control defines a correct Maintainer field
- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package:   https://launchpad.net/ubuntu/+source/python-awscurl/0.36-1/+build/31442678
- Lintian –pedantic output:

P: python-awscurl source: homepage-field-uses-insecure-uri http://github.com/okigan/awscurl
P: python-awscurl source: insecure-copyright-format-uri http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ [debian/copyright]
P: python-awscurl source: package-uses-old-debhelper-compat-version 11
P: python-awscurl source: silent-on-rules-requiring-root [debian/control]

- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will not be installed by default
- Packaging and build is easy, link to debian/rules: https://salsa.debian.org/openstack-team/third-party/python-awscurl/-/blob/debian/flamingo/debian/rules?ref_type=heads

[UI standards]
- Application is not end-user facing (does not need translation)

[Dependencies]
- There are further dependencies that are not yet in main, MIR for them
  is at: https://bugs.launchpad.net/ubuntu/+source/python-configargparse/+bug/2142251

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- The owning team will be ubuntu-cloud-archive and I have their acknowledgment for that commitment -> the team is now subscribed.
- This does not use static builds
- This does not use vendored code
- This package is not rust based
- The package has not been build within the last 3 months in the archive (Oct 28, 2025 last build)
- Build link on launchpad: https://launchpad.net/ubuntu/+source/python-awscurl/0.36-1/+build/31442678
- This change will not impact other teams

[Background information]
The Package description explains the package well
Upstream Name is awscurl
Link to upstream project: https://github.com/okigan/awscurl

** Affects: python-awscurl (Ubuntu)
     Importance: Undecided
         Status: In Progress

-- 
[MIR] python-awscurl
https://bugs.launchpad.net/bugs/2142240
You received this bug notification because you are a member of Ubuntu OpenStack, which is subscribed to the bug report.