Public bug reported:

[Availability]
The package libimobiledevice-glue is already in Ubuntu universe.
The package libimobiledevice-glue builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64 arm64 armhf ppc64el riscv64 s390x
Link to package https://launchpad.net/ubuntu/+source/libimobiledevice-glue

[Rationale]
- The package libimobiledevice-glue is required in Ubuntu main for component matching in Oracular.
- The package libimobiledevice-glue will not generally be useful for a large part of
  our user base, but is important/helpful still because it's a component mismatch for Oracular.
- The package libimobiledevice-glue is a new runtime dependency of package libimobiledevice that
  we already support
- There is no other/better way to solve this that is already in main or
  should go universe->main instead of this.
- The binary package libimobiledevice-glue-1.0-0 needs to be in main to achieve
  run-time dependency for libimobiledevice which is in main.

- It would be great and useful to community/processes to have the
  package libimobiledevice-glue in Ubuntu main, but there is no definitive deadline.

[Security]
- Had 14 security issues in the past
  + https://www.openwall.com/lists/oss-security/2017/02/02/4
  + https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libimobiledevice
- The links therein to their bug tracker show they have been handled.

- No `suid` or `sgid` binaries
- No executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
TODO: - Security has been kept in mind and common isolation/risk-mitigation
TODO:   patterns are in place utilizing the following features:
TODO:   TBD (add details and links/examples about things like dropping
TODO:   permissions, using temporary environments, restricted users/groups,
TODO:   seccomp, systemd isolation features, apparmor, ...)
- Package does not open privileged ports (ports < 1024).
- Package does not expose any external endpoints
TODO: - Package does not contain extensions to security-sensitive software
TODO:   (filters, scanners, plugins, UI skins, ...)

[Quality assurance - function/usage]
- The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu/Upstream and does
  not have too many, long-term & critical, open bugs
- Ubuntu
  + https://bugs.launchpad.net/ubuntu/+source/libimobiledevice-glue/+bug
  + https://bugs.launchpad.net/ubuntu/+source/libimobiledevice/+bug
- Debian
  + https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libimobiledevice-glue
  + https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=libimobiledevice
- Upstream's bug tracker, e.g., GitHub Issues: https://github.com/libimobiledevice/libimobiledevice/issues
- The package does deal with exotic hardware (namely iOS devices), it is present at TBD
  to be able to test, fix and verify bugs

[Quality assurance - testing]
- The package does not run a test at build time because upstream does not have
  a set of tests for this package (same with libimobiledevice which already is
  in main).

TODO - The package runs an autopkgtest, and is currently passing on
  x86 x64 s390x aarch32 aarch64 risc64 ppc64el, link to test logs TBD

- The package does not have failing autopkgtests right now

[Quality assurance - packaging]
- debian/watch is present and works
- debian/control defines a correct Maintainer field

- This package does not yield massive lintian Warnings, Errors
- Please link to a recent build log of the package
  https://launchpad.net/~nteodosio/+archive/ubuntu/rebuilds/+sourcepub/16286820/+listing-archive-extra
- Lintian overrides are not present

- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies

- The package will not be installed by default

- Packaging and build is easy, link to debian/rules
  https://salsa.debian.org/imobiledevice-team/libimobiledevice-glue/-/blob/master/debian/rules?ref_type=heads

[UI standards]
- Application is not end-user facing (does not need translation)

[Dependencies]
- No further depends or recommends dependencies that are not yet in main

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- The owning team will be Ubuntu Desktop (~desktop-packages) and I have their
  acknowledgement for that commitment
- The future owning team is not yet subscribed, but will subscribe to
  the package before promotion

- This does not use static builds

- This does not use vendored code

- This package is not rust based

- The package has been built within the last 3 months in the archive
- Build link on launchpad: https://launchpad.net/ubuntu/+source/libimobiledevice-glue/1.3.0-1

[Background information]
The Package description explains the package well
Upstream Name is libimobiledevice-glue
Link to upstream project https://github.com/libimobiledevice/libimobiledevice-glue

** Affects: libimobiledevice-glue (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2074086

Title:
  MIR libimobiledevice-glue

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimobiledevice-glue/+bug/2074086/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
