** Description changed:
- TBC
+ >> juju-mongodb <<
+
+ Availability
+ ------------
+
+ In universe, available on all required architectures (x86, armhf, arm64,
+ ppc64el).
+
+ Rationale
+ ---------
+
+ MongoDB is a dependency for operating a Juju deployed Ubuntu
+ environment.
+
+ Security
+ --------
+
+ MongoDB has had some CVE's in the past, related to the use of the V8 and
+ Spidermonkey Javascript engine in the Mongo Shell; however juju-mongodb
+ builds without support for Javascript scripting, avoiding the historic
+ CVE's (which where fixed upstream anyway).
+
+ Quality assurance
+ -----------------
+
+ Package installs cleanly, package build process runs upstream smoke
+ tests (minus jstests due to disabling javascript support). Tests pass
+ on all architectures.
+
+ Dependencies
+ ------------
+
+ All in main already
+
+ Standards compliance
+ --------------------
+
+ OK (well is scons but we won't hold that against it)
+
+ Maintenance
+ -----------
+
+ Upstream MongoDB run stable releases with point updates; its intended
+ that a MRE is applied for this package so point releases can be pushed
+ as SRU's.
+
+ Its also possible that we might need to bump a major version (2.4.x ->
+ 2.6.x); as this package is specific to Juju, we can constrain the impact
+ and regression testing to Juju only.
+
+ Background information
+ ----------------------
+
+ Why a separate package? it was agreed at the last vUDS that having a
+ separate package allows us to limit a) use of v8 (disabled) which was a
+ security concern and b) allows us to potentially update at a later date
+ if need be only impacting juju itself.
+
+ >> juju-core <<
+
+ Availability
+ ------------
+
+ In universe, not yet available on arm64 or ppc64el.
+
+ Rationale
+ ---------
+
+ Juju is the recommended service orchestration tool for Ubuntu; as such
+ it really needs to be a core part of Ubuntu.
+
+ Security
+ --------
+
+ No security history, but it was agreed that a security review would be
+ undertaken as part of the MIR process.
+
+ Quality assurance
+ -----------------
+
+ No tests are run as part of the package build process; however upstream
+ do run these tests for all target series (12.04 -> 14.04) prior to
+ release so the overall quality of the codebase it pretty good.
+
+ The package has some basic DEP-8 tests that bootstrap a local Juju
+ environment to ensure everything hangs together OK.
+
+ Dependencies
+ ------------
+
+ juju-mongodb (see above)
+ golang or gccgo TBC
+
+ Currently all required go dependencies are snapshotted at specific
+ upstream commits and bundled with Juju.
+
+ Standards compliance
+ --------------------
+
+ OK
+
+ Maintenance
+ -----------
+
+ Upstream Juju team intend to manage stable point releases against the
+ version shipped in 14.04. Ubuntu Server team will own the package in
+ distro.
+
+ Background information
+ ----------------------
+
+ Some decisions still need to be made, mainly around toolchain.
+ Specifically the aim is to support a single Go toolchain in Ubuntu main
+ for all architectures; golang-go does not support arm64 or ppc64el yet,
+ whereas the gccgo implementation does.
+
+ Required changes to support gccgo have been upstreamed into the Juju
+ codebase.
** Changed in: juju-core (Ubuntu)
Status: New => Incomplete
** Changed in: juju-mongodb (Ubuntu)
Importance: Undecided => High
** Changed in: juju-core (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to juju-core in Ubuntu.
https://bugs.launchpad.net/bugs/1267393
Title:
[MIR] juju-core, juju-mongodb
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/juju-core/+bug/1267393/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
