python-nacl should be reviewed by the Security Team since it deals with
crypto, otherwise it looks fine to me. I have not done an in-depth code
review of the upstream source.
** Changed in: python-nacl (Ubuntu)
Status: New => Incomplete
** Changed in: python-nacl (Ubuntu)
Assignee: Mathieu Trudel-Lapierre (cyphermox) => Ubuntu Security Team
(ubuntu-security)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to protobuf in Ubuntu.
https://bugs.launchpad.net/bugs/1747460
Title:
[MIR] py-macaroon-bakery, protobuf, pyrfc3339
Status in protobuf package in Ubuntu:
Invalid
Status in py-macaroon-bakery package in Ubuntu:
Fix Committed
Status in pyrfc3339 package in Ubuntu:
Fix Released
Status in python-nacl package in Ubuntu:
Incomplete
Bug description:
py-macaroon-bakery
==================
1. Availability: all
2. Rationale:
Macaroons is a new form of authorization mechanism. The macaroon bakery
builds on pymacaroons, which allows it working at a higher level.
In order for MAAS (and other projects) to support macaroon based
authentication, this needs to be in main. This will allow projects to
support remote/centralized authentication based on macaroons.
3. Security:
No CVE's
4. QA:
0 bugs in debian/ubuntu
5. UI standards:
None
6. Dependencies:
Dependencies in universe:
- python3-pymacaroons (MIR LP: #1746772)
- python3-nacl
- python3-protobuf
- python3-rfc3339
7. Standards:
No lintian errors.
Packaged with debhelper. Source format is 3.0 (quilt)
Standards version: 4.4.1
8. Maintenance:
Easy.
9. Background information:
This is a required dependency to implement third party/centralized
authentication alongside with pymacaroons. This is a new dependency that's
required by MAAS.
python3-protobuf
==================
1. Availability: any
2. Rationale:
Dependency of python3-macaroonbakery. The library from this same source
package, libprotobuf10, is already in main.
3. Security:
No CVE's
4. QA:
protobuf source, 10 bugs in debian, 11 ubuntu
5. UI standards:
None
6. Dependencies:
All in main
7. Standards:
No lintian errors.
Packaged with debhelper. Source format is 3.0 (quilt)
Standards version: 3.9.8
8. Maintenance:
Easy.
9. Background information:
protobuf source already has binaries in main. This is just the python
bindings that are required by macaroonbakery.
rfc3339
==================
1. Availability: all
2. Rationale:
Dependency of python3-macaroonbakery.
3. Security:
No CVE's
4. QA:
0 bugs in debian/ubuntu
5. UI standards:
None
6. Dependencies:
All in main
7. Standards:
No lintian errors. 1 warning:
W: pyrfc3339 source: ancient-standards-version 3.9.6 (released 2014-09-17)
(current is 4.1.3)
Packaged with debhelper. Source format is 3.0 (quilt)
8. Maintenance:
Easy.
9. Background information:
Parser and generator of RFC 3339-compliant timestamps. This is a dependency
for python3-macaroonbakery.
python-nacl
==================
1. Availability: any
2. Rationale:
Dependency of python3-macaroonbakery.
3. Security:
No CVE's
4. QA:
0 bugs in debian/ubuntu
5. UI standards:
None
6. Dependencies:
All in main
7. Standards:
No lintian errors.
Uses standards version 3.9.8
Packaged with debhelper. Source format is 3.0 (quilt)
8. Maintenance:
Easy.
9. Background information:
PyNaCl is a Python binding to the Networking and Cryptography library. This
is a dependency for python3-macaroonbakery.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/protobuf/+bug/1747460/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
