Ubuntu
python-octavia-lib package

Bug #1864666
Comment #5

Comment 5 for bug 1864666

Revision history for this message

James Page (james-page) wrote on 2020-07-27:

[Summary]
ovn-octavia-provider provides integration between OpenStack Octavia and OVN, supporting provisioing of load balancers as part of the SDN function of the cloud (vs use of instances for Load Balancers).

MIR team ack for inclusion in Ubuntu main.

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
(other than those already on this bug report)
- no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

[Security]
OK:
- history of CVEs does not look concerning
no security history
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ovn-octavia-provider

- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
Uses JSON for communication between the driver manager and Octavia
(using oslo_serialization which is already in main).

- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (e.g. pam), etc)

- The package has a team bug subscriber
ubuntu-openstack

- no translation present, but none needed for this case
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does carry a delta, but it is reasonable and maintenance under control
OpenStack ahead of Debian in Ubuntu.
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good but divereged
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- not using Built-Using

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks

MIR team ack for inclusion in Ubuntu main.

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
 - no other Dependencies to MIR due to this
   (other than those already on this bug report)
 - no -dev/-debug/-doc packages that need exclusion

[Embedded sources and static linking]
OK:
 - no embedded source present
 - no static linking

[Security]
OK:
 - history of CVEs does not look concerning
   no security history
   https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ovn-octavia-provider
   
 - does not run a daemon as root
 - does not use webkit1,2
 - does not use lib*v8 directly
 - does not parse data formats
   Uses JSON for communication between the driver manager and Octavia
   (using oslo_serialization which is already in main).
   
 - does not open a port
 - does not process arbitrary web content
 - does not use centralized online accounts
 - does not integrate arbitrary javascript into the desktop
 - does not deal with system authentication (e.g. pam), etc)

[Common blockers]
OK:
 - does not FTBFS currently
 - does have a test suite that runs at build time
   - test suite fails will fail the build upon error.
 - does have a test suite that runs as autopkgtest
   autopkgtest-pkg-python
   
 - The package has a team bug subscriber
   ubuntu-openstack
   
 - no translation present, but none needed for this case
 - no new python2 dependency
 - Python package that is using dh_python

[Packaging red flags]
OK:
 - Ubuntu does carry a delta, but it is reasonable and maintenance under control
   OpenStack ahead of Debian in Ubuntu.   
 - symbols tracking not applicable for this kind of code.
 - d/watch is present and looks ok
 - Upstream update history is good
 - Debian/Ubuntu update history is good but divereged
 - the current release is packaged
 - promoting this does not seem to cause issues for MOTUs that so far
   maintained the package
 - no massive Lintian warnings
 - d/rules is rather clean
 - not using Built-Using

[Upstream red flags]
OK:
 - no Errors/warnings during the build
 - no incautious use of malloc/sprintf (as far as I can check it)
 - no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
 - no use of user nobody
 - no use of setuid
 - no important open bugs (crashers, etc) in Debian or Ubuntu
 - no dependency on webkit, qtwebkit, seed or libgoa-*
 - no embedded source copies
 - not part of the UI for extra checks

Ubuntupython-octavia-lib package

Comment 5 for bug 1864666

Ubuntu
python-octavia-lib package