[Bug 1273865] Re: [MIR] juju-quickstart

Robie Basak 1273865 at bugs.launchpad.net
Mon Mar 17 17:22:03 UTC 2014 

Uploaded all relevant fixes to python-jujuclient, websocket-client and
juju-quickstart packages. Now ready for MIR approval team review.

** Description changed:

- URL: https://launchpad.net/juju-quickstart
- License: GNU Affero GPL v3
- Description: Help both new and experienced users quickly start Juju from Ubuntu.  Juju Quickstart is an opinionated command-line tool that quickly starts Juju and the GUI, whether you've never installed Juju or you have an existing Juju environment running.
+ [juju-quickstart]
  
- = Availability =
+ Availability: in universe, arch: all.
  
- In universe
+ Rationale: key component for the Juju ecosystem.
  
- = Rationale =
+ Security: no security history. No CVEs found. No suid or sgid
+ executables. No executables in /sbin or /usr/sbin. No daemons. No
+ privileged ports (although the Juju GUI does open a privileged port,
+ which this package deploys). One might consider Juju to be
+ security-sensitive, as it controls production deployments, and this
+ package bootstraps Juju. This package uses sudo, although this use is
+ scheduled to be removed. See bug 1282630.
  
- It makes installing a key part of Ubuntu's cloud tools, Juju, much
- easier.  It also is useful to anyone who uses Juju with its GUI
- regularly.
+ Quality assurance:
  
- The following features, as described in https://launchpad.net/juju-
- quickstart, support the above two assertions.
+ Upstream ships a thorough test suite which includes 100% SLOC coverage.
+ By design, this tool makes it possible to use juju with as minimal
+ configuration as possible and with no documentation reading, by
+ deploying the GUI for the user and presenting its interface.
  
- * New users are guided, as needed, to install Juju, set up SSH keys, and configure it for first use.
- * Juju environments can be created and managed from a command line interactive session.
- * The Juju GUI is automatically installed, adding no additional machines (installing on an existing state server when possible).
- * Bundles can be deployed, from local files, HTTP(S) URLs or the charm store, so that a complete topology of services can be set up in one simple command.
- * Quickstart ends by opening the browser and automatically logging the user into the GUI, to observe and manage the environment visually.
- * Users with a running Juju environment can run the quickstart command again to simply re-open the GUI without having to find the proper URL and password.
+ No debconf questions. No long-term outstanding bugs.
  
- = Security =
+ No relevant packaging bugs. There are a number of active bugs open
+ upstream; these are being actively worked on by upstream. This package
+ does not deal with exotic hardware. The upstream test suite is run as
+ part of the package build, and a failing test suite fails the package
+ build. A debian/watch file exists and is functional.
  
- Since we are not in Universe, our history is weak at best.  However, I
- do not believe we fail any of the security checks, though we do ask for
- sudo in some cases (specifically to install juju's stable PPA and juju
- itself).
+ UI standards:
  
- = Quality Assurance =
+ This is an end-user console application and is not internationalized
+ (not translatable). This is tracked in bug 1292026.
  
- We have a very thorough test suite with 100% coverage by line
- measurements.
+ The package does not ship a desktop file. As a console application
+ designed for developer use, a desktop file has minimal relevance for
+ developers.
  
- Bugs are tracked in https://bugs.launchpad.net/juju-quickstart .
+ Dependencies:
  
- Violation: "If the package ships a test suite, and there is no obvious
- reason why it cannot work during build (e. g. it needs root privileges
- or network access), it should be run during package build, and a failing
- test suite should fail the build."  We can work to incorporate it into
- the build process.
+ urwid, python-jujuclient and websocket-client are dependencies in
+ universe. MIR reports follow in this bug.
  
- = UI standards =
+ Standards compliance: standard and minimal dh sequencer based packaging.
+ FHS compliant and the packaging is up to current Debian policy.
  
- "End-user applications must be internationalized (translatable), using
- the standard intltool/gettext build and runtime system and produce a
- proper PO template during build."  Not yet done.
+ Maintenance:
  
- = Dependencies =
+ Actively maintained upstream, by the Juju GUI team. ~ubuntu-server
+ commits to maintaining this package in Ubuntu and is subscribed to
+ package bugs.
  
- python-jujuclient, python-urwid
  
- = Standards compliance =
+ [urwid]
  
- Our current packaging is certainly simple.  I hope that it complies to
- standards but am not familiar with them beyond the most cursory read.
+ Availability: in universe and built on all architecture.
  
- = Maintenance =
+ Rationale: dependency of juju-quickstart.
  
- The Juju GUI team are the current maintainers (https://launchpad.net/~juju-gui).
- Ubuntu server team will pick bug triage alongside juju-core in distro.
+ Security: no security history. No CVEs found. No suid or sgid
+ executables. No executables in /sbin or /usr/sbin. No daemons. No
+ privileged port use is apparent. urwid is a UI library, so may be used
+ as a UI in security sensitive software, although this isn't the case
+ with juju-quickstart.
+ 
+ Quality assurance:
+ 
+ As a library, this package is functional on installation. No debconf
+ questions. No major long-term outstanding bugs. Upstream is active. No
+ use of exotic hardware.
+ 
+ Test-related packaging bugs in Debian are all fixed in Debian svn. The
+ only other bug in Debian is believed fixed already. Upstream has more
+ bugs, but none of them appear to be major issues for general urwid use.
+ 
+ No use of exotic hardware. Test suite is run as part of the package
+ build, and fails the build if tests fail. debian/watch file is out of
+ date, but fixed in current Debian svn.
+ 
+ UI standards: N/A
+ 
+ Dependencies: all in main.
+ 
+ Standards compliance: minimal cdbs+debhelper based packaging. Ideally
+ this would use the dh sequencer now, and I get the impression that DPMT
+ would be happy to switch it. But urwid is a relatively slow moving
+ project, and the rules file is simple and minimal enough that it doesn't
+ seem worth switching just for the sake of it. If there is a problem that
+ requires a change, then it could be switched to dh at that time easily
+ enough. FHS compliant and the packaging is up to current Debian policy.
+ 
+ urwid is a long-lived relatively stable package, with minimal
+ maintenance requirements. Upstream is active though, and all bugs in
+ Debian BTS are fixed in Debian svn. ~ubuntu-server commits to
+ maintaining this package in Ubuntu and is subscribed to package bugs.
+ 
+ 
+ [python-jujuclient]
+ 
+ Availability: in universe, arch: all.
+ 
+ Rationale: dependency of juju-quickstart.
+ 
+ Security: no security history. No CVEs found. No suid or sgid
+ executables. No executables in /sbin or /usr/sbin. No daemons. No
+ privileged ports. python-jujuclient is used by juju-quickstart to manage
+ deployments; the deployments themselves are security-sensitive.
+ 
+ Quality assurance:
+ 
+ As a library, this package is functional on installation. No debconf
+ questions. No long-term outstanding bugs. Upstream is active. No use of
+ exotic hardware.
+ 
+ No relevant upstream test suite.
+ 
+ debian/watch file is present and working.
+ 
+ UI standards: N/A
+ 
+ Dependencies: websocket-client is in universe (also see bug 1292502
+ regarding the package naming of this dependency). MIR report follows.
+ 
+ Standards compliance: standard and minimal dh sequencer based packaging.
+ FHS compliant and the packaging is up to current Debian policy.
+ 
+ Maintenance: actively maintained upstream, by Kapil Thangavelu.
+ ~ubuntu-server commits to maintaining this package in Ubuntu and is
+ subscribed to package bugs. The upstream code says: "Seriously Alpha.
+ Works now, but API *will* change". Upstream responds: "yeah.. i should
+ take that out, it was commentary from the first release against the api,
+ but in truth it has been pretty stable to date".
+ 
+ 
+ [websocket-client]
+ 
+ Availability: in universe, arch: all.
+ 
+ Rationale: dependency of python-jujuclient.
+ 
+ Security: no security history. No CVEs found. No suid or sgid
+ executables. No executables in /sbin or /usr/sbin. No daemons. This
+ library is a client for the WebSocket protocol, and as such will
+ generally handle untrusted input, although this isn't the case with
+ juju-quickstart.
+ 
+ Quality assurance:
+ 
+ As a library, this package is functional on installation. No debconf
+ questions. No major long-term outstanding bugs. Upstream is active. No
+ use of exotic hardware. Test suite is run as part of the package build,
+ and fails the build if tests fail. debian/watch file is present and
+ working.
+ 
+ There was an issue with a conflict between Debian and Ubuntu packaging
+ and tracked in bug 1292502, but this is now resolved. The upstream test
+ suite had to be imported using a distribution patch in order to run it
+ as part of the package build (bug 1292511); this was reported to
+ upstream, so hopefully will be fixed upstream soon so that the
+ distribution patch can be removed.
+ 
+ UI standards: N/A
+ 
+ Dependencies: all in main.
+ 
+ Standards compliance: standard and minimal dh sequencer based packaging.
+ FHS compliant and the packaging is up to current Debian policy.
+ 
+ Maintenance: upstream is active. ~ubuntu-server commits to maintaining
+ this package in Ubuntu and is subscribed to package bugs.

** Changed in: juju-quickstart (Ubuntu Trusty)
       Status: In Progress => New

** Changed in: juju-quickstart (Ubuntu Trusty)
     Assignee: Robie Basak (racb) => (unassigned)

** Changed in: python-jujuclient (Ubuntu Trusty)
       Status: Incomplete => New

** Changed in: urwid (Ubuntu Trusty)
       Status: Incomplete => New

** Changed in: websocket-client (Ubuntu Trusty)
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to juju-quickstart in Ubuntu.
https://bugs.launchpad.net/bugs/1273865

Title:
  [MIR] juju-quickstart

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/juju-quickstart/+bug/1273865/+subscriptions

More information about the Ubuntu-server-bugs mailing list