Hey.
On opencc, some small stuff to discuss/fix before getting the final ACK on it.
It would be great to have the list of binary packages that need to be promoted 
to main.


Notes:
Required TODOs:
TODO - talk with the debian team about the lintian warnings from the -doc 
package, where the html doc seems to fetch images from the Internet which is a 
privacy breakage (reading offline doc shouldn’t require Internet). I may have 
missed an escape in the tag, but in that case, please place a lintian override 
then. See "Packaging red flags" problem section for more details.
TODO: talk with the debian team to replace the shlibs file by a symbol one to 
have symbol tracking.
TODO: 2 warnings during build, one minor, one a little bit more annoying. 
Please reach upstream to get those fixed. More details in "Upstream red flags" 
/ problems section.
TODO: get Seb agreeing that the desktop team is the correct team to maintain 
it and subscribing desktop-packages to it.

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- some embedded source code present, however, this is devendorized at build 
time: jquery, marisa, rapidjson… and linked to the system ones (mostly js stuff 
for documentation)
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does parse data formats to convert to another form, but was previously in 
main and is using a limited known set
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam, etc)


[Common blockers]
OK:
- does not FTBFS currently
TODO: - does have a test suite that runs at build time
- no translation present, but none needed for this case
- not a python/go package, no extra constraints to consider in that regard
- no new python2 dependency

Problems:
- there is no test suite which would have been good for such a program. Not a 
blocker though as it was already in main.
- Waiting on seb’s answer for the desktop team to take ownership of it as part 
of the new promotion.

[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- d/watch is present and looks ok
- Upstream update history is sporadic
- Debian/Ubuntu update history is good
- the current release is packaged + snapshotted since mid-2020 (no new release 
so far and some fixes seemed to be wanted by the debian packaging team)
- promoting this does not seem to cause issues for MOTUs that so far
- no massive Lintian warnings, but some needs checking (see below)
- d/rules is rather clean
- Does not have Built-Using

Problems:
- no symbol tracking, only a shlibs file.
- the -doc usr/share/doc/opencc/html/index.html package seems to fetch multiple 
images and svg objects from the web:
<img src="https://opencc.byvoid.com/img/opencc.png" alt="opencc" class="inline"/>
<object type="image/svg+xml" data="https://github.com/byvoid/opencc/workflows/python%20package/badge.svg?branch=master" style="pointer-events: none;">
This should probably be brought up with the debian team and be fixed. Example 
of the lintian warning bringing it up:
W: libopencc-doc: privacy-breach-generic usr/share/doc/opencc/html/index.html [<img src="https://opencc.byvoid.com/img/opencc.png" alt="opencc" class="inline"/>] (https://opencc.byvoid.com/img/opencc.png)


[Upstream red flags]
OK:
- no Errors but few warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- not part of the UI for extra checks

Problems:
2 warnings during build:
/<<BUILDDIR>>/opencc-1.1.1+git20200624+ds2/src/PhraseExtract.cpp:104:23: 
warning: comparison of integer expressions of different signedness: ‘int’ and 
‘std::vector<std::pair<opencc::UTF8StringSliceBase<unsigned char>, 
opencc::PhraseExtract::Signals> >::size_type’ {aka ‘long unsigned int’} 
[-Wsign-compare]
  104 |     for (int i = 0; i < items.size(); i++) {
      |                     ~~^~~~~~~~~~~~~~

/usr/bin/ld: CMakeFiles/opencc.dir/CommandLine.cpp.o: in function 
`Convert(std::__cxx11::basic_string<char, std::char_traits<char>, 
std::allocator<char> >)':
./obj-x86_64-linux-gnu/src/tools/./src/tools/CommandLine.cpp:89: warning: the 
use of `tmpnam' is dangerous, better use `mkstemp'


** Changed in: opencc (Ubuntu)
       Status: New => Incomplete

** Changed in: opencc (Ubuntu)
     Assignee: Didier Roche (didrocks) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1909665

Title:
  [MIR] ibus-libpinyin dependencies
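
Added example, not part of the original message and not OpenCC code: what the `tmpnam` to `mkstemp` change asked for by the linker warning in the review looks like in C++. The names `TempFile`, `make_temp_file`, `write_all`, `file_mode` and `discard`, and the `opencc-example-` prefix, are hypothetical.

```cpp
#include <cstdlib>
#include <string>
#include <vector>
#include <sys/stat.h>
#include <unistd.h>

// tmpnam() only returns a name; the file is created later by a separate
// open()/fopen(). Between the two calls another local user can create that
// path (or a symlink at it), which is the race the linker warning is about.
//
// mkstemp() picks the name and creates the file in one step with
// O_CREAT|O_EXCL and mode 0600, and returns an already-open descriptor.
struct TempFile {
  int fd = -1;
  std::string path;
};

// Create a private temp file under `dir`; fd stays -1 on failure.
TempFile make_temp_file(const std::string& dir) {
  TempFile t;
  std::string tmpl = dir + "/opencc-example-XXXXXX";  // hypothetical prefix
  std::vector<char> buf(tmpl.begin(), tmpl.end());
  buf.push_back('\0');  // mkstemp() rewrites the XXXXXX part in place
  t.fd = mkstemp(buf.data());
  if (t.fd >= 0) t.path = buf.data();
  return t;
}

// Write all of `data` through the descriptor, handling short writes.
bool write_all(int fd, const std::string& data) {
  size_t off = 0;
  while (off < data.size()) {
    ssize_t n = write(fd, data.data() + off, data.size() - off);
    if (n <= 0) return false;
    off += static_cast<size_t>(n);
  }
  return true;
}

// Permission bits of the open file, or -1 on error.
int file_mode(int fd) {
  struct stat st;
  if (fstat(fd, &st) != 0) return -1;
  return static_cast<int>(st.st_mode & 0777);
}

// Close the descriptor and remove the file once the caller is done with it.
void discard(TempFile& t) {
  if (t.fd >= 0) close(t.fd);
  if (!t.path.empty()) unlink(t.path.c_str());
  t.fd = -1;
}
```

Callers keep working through the returned descriptor (or `fdopen()` on it) rather than reopening the path by name, since reopening would reintroduce a name-based window.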
