Main Inclusion Report for python-launchpadlib and dependencies

Requirements

1. Availability:

   • http://archive.ubuntu.com/ubuntu/pool/universe/p/python-launchpadlib: Arch: all

   • http://archive.ubuntu.com/ubuntu/pool/universe/p/python-wadllib: Arch: all

   • http://archive.ubuntu.com/ubuntu/pool/universe/s/simplejson: Available for all architectures

   • http://archive.ubuntu.com/ubuntu/pool/universe/p/python-httplib2: Available for all architectures

2. Rationale:

   • We would like to switch apport from python-launchpad-bugs to python-launchpadlib, as the latter is officially supported by Launchpad and stable, and the former constantly breaks and is hard to maintain.

3. Security:

   • CVE entries (launchpadlib, wadl, simplejson, httplib)): None

   • No binaries running as root, nor daemons. Those are just libraries.
   • Handles network data, by its nature. Client side security concerns are moderate, since it just connects to well-known services (launchpad edge and staging).
   • Processes structured data in the higher levels, but those are all written in Python, thus buffer/integer overflows etc. are not an issue.
   • No source code review performed

4. Quality assurance:

   • In what situations does the package not work out of the box without configuration ? None, it is just a library.
   • No debconf usage.
   • python-launchpadlib and python-wadllib are not in Debian.

   • simplejson Debian bugs: None

   • python-httplib2 Debian bugs: Just one wishlist (newer release, which we have in Ubuntu)

   • simplejson Maintenance in Debian is vigorous.

   • python-httplib2 Maintenance in Debian is calm, we update it in Ubuntu.

   • launchpadlib and wadllib upstream (Canonical Launchpad developers) is vigorous.

   • wadllib and launchpadlib Upstream bug trackers: quite a number of issues, but no showstoppers, and they get attention.

   • Does not deal with any special hardware.
   • There are some lightweight tests in wadllib. Apport has an extensive test suite for all its operations, which covers launchpadlib.

5. UI standards: No user-visible strings nor GUI.

6. Standards compliance:

   • FHS, Debian Policy compliant

   • Python policy compliant.
   • Standard packaging systems (cdbs/debhelper/quilt), no oddities.

7. Dependencies: all in main

8. Maintenance:

   • python-launchpadlib and python-wadllib are actively developed by Canonical Launchpad developers, and the Ubuntu developers keep up the packaging up to date (mostly James Westby and Martin Pitt). We spend some resources on those because these libraries are a crucial part of apport retracers, developer scripts, and archive administration.
   • simplejson is maintained in Debian and does not need particular Ubuntu efforts.
   • python-httplib2 is in Debian, but not updated there; we update it in Ubuntu as needed, as part of the launchpadlib maintenance; it requires very little effort, though.

9. Background information:

   • The general purpose and context of the package is be clear from the package's descriptions.

Reviewers

MIR bug: 353846

Original report written by MartinPitt.