Hello, I have been doing the security review for this package and before I can finalize it, I would like to address some possible issues and try to understand what might be their consequences:
(1) When building the package for analysis, I was unable to do so with testing activated. The tests hang at 19% and the build simply does not continue when it reaches this point. Of course, it could be that the test takes an extremely long time (I did not wait more than 2hrs before deciding to cancel the build and restart with tests deactivated), but either way, we need builds to finish in order to support the package, and it would be ideal to include tests to make sure that our updates are good ones. Is this a known issue? Is it possible I did something wrong when building? If it is indeed an issue, how could we solve it? (2) While analyzing the code, I came across a function that creates Unix sockets with the 0777 permission set. This could be an issue, so I would like to know more about the uses that will be utilizing the Unix sockets functionality, as well as if they should be considering permissions other than 0777. Thanks! Regards, Camila Camargo de Matos. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1930111 Title: [MIR] new dependencies of cherrypy3: jaraco.collections, jaraco.classes, jaraco.text, python-cheroot, python-jaraco.functools, python-tempora, python-portend, zc.lockfile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cherrypy3/+bug/1930111/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
