[MIR] gpsd
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gpsd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
FYI: We want to only seed the two binary packages:
- gpsd
- libgpsd23
But none of the others (further bindings, tools, ...)
They will stay "only" a suggest from Chrony, but we want to add them to the supported seed to reflect their elevated support status.
Availability: GPSD is available since quite a while and builds for all architectures
Rationale:
- The package is the de-facto way to feed GPS HW-based time info into chrony which became the main NTP server with Bionic.
- All users using HW assisted NTP would be glad to have this in main
- It is not a dependency for chrony, but we'd seed it to get into main and add a suggest to chrony (while HW people want it the majority of the community is good without, so no depends/recommend)
- in some way the replacement ntp->chrony was only half of it as ntp had ntp-server AND GPS reading capabilties. This MIR fills the gap created by that.
Security:
- there two (fairly old) CVEs aganst GPSD
=> https:/
- since the above nothing came up, the project itself is active and vital IMHO
=> https:/
- One of the issues has a USN, maybe the security team remembers if that was ok or bad back then
=> https:/
Quality assurance:
- After installing the package just needs to be told on which device to work, then it will gather GPS data (that is as minimal as it can be I'd think).
- no debconf on install
- long term this had a few crashes back in 2012-2014 but not much since then (a few actually unrelatred apport reports on postinst issues); nothing should stop considering this for main IMHO
=> https:/
=> https:/
- The one related important bug IMHO is bug 1790496 which will add apparmor to GPSD which I'd prefer when we grant it main (I wait on a security review there)
- "exotic hardware" is part of the GPSD story we (server team) have two kinds of receivers to test but there is a vast array of potential receivers which we will not be able to test all of them.
- a debian/watch file is in place
UI standards:
- not a UI package
Dependencies:
- Dependencies are sane (all in main and not deprecated)
GPSD:
Depends: netbase | systemd-sysv, lsb-base (>= 3.2-13), adduser (>= 3.34), libbluetooth3 (>= 4.91), libc6 (>= 2.27), libdbus-1-3 (>= 1.9.14), libusb-1.0-0 (>= 2:1.0.8), libgps23 (= 3.17-5build1)
Recommends: udev, python
LIBGPS23
Depends: libc6 (>= 2.15), libdbus-1-3 (>= 1.9.14), libstdc++6 (>= 5)
- There are a few universe build-depends, but nothing totally outdated IMHO
Standards compliance:
- meets the FHS
- follows (an older) standard 3.9.2
Maintenance:
- so far was mostly a sync, only now we pick up more work on it.
- DPB confirmed the server team would take over package subscription and maintainership as owning team
Background information:
Receiving GPS signals just to do so would be no core value of Ubuntu and not main-worthy. But being the de-facto way to feed the main ntp server (chrony) in Ubunutu with GPS data to improve time makes it a candidate.
Related branches
- Robie Basak: Approve
- Canonical Server: Pending requested
- Canonical Server Core Reviewers: Pending requested
-
Diff: 12 lines (+1/-0)1 file modifiedsupported-misc-servers (+1/-0)
CVE References
Changed in gpsd (Ubuntu): | |
assignee: | nobody → Mathieu Trudel-Lapierre (cyphermox) |
Changed in gpsd (Ubuntu): | |
assignee: | Mathieu Trudel-Lapierre (cyphermox) → Ubuntu Security Team (ubuntu-security) |
status: | New → Incomplete |
description: | updated |
description: | updated |
description: | updated |
Changed in gpsd (Ubuntu): | |
status: | New → Triaged |
Changed in gpsd (Ubuntu): | |
status: | Triaged → In Progress |
+1 for server team ownership of gpsd