[Summary]
SQLAlchemy-Utils extends SQLAlchemy with various new data types and helpers. The new data types include JSON and Encrypted types. SQLAlchemy provides an Object-Relation Mapping Python library.

This does need a security review, so assigning ubuntu-security.

MIR team approval for inclusion in main (pending security review).

Actions:
python3-intervals required for latest package build - ubuntu-archive
Update to latest point release (0.36.8) - ubuntu-openstack
Submit packaging changes back to Debian - ubuntu-openstack

[Duplication]
There is no other package in main providing the same functionality.

[Dependencies]
OK:
- no other Dependencies to MIR due to this
- no -dev/-debug/-doc packages that need exclusion

TODO: Problems:

[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking

TODO: Problems:

[Security]
OK:
- history of CVEs does not look concerning
  No history of CVEs
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not parse data formats
  Lots of data format handling including encryption - passing to security team for review.
- does not open a port
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (e.g. pam), etc.

[Common blockers]
OK:
- does not FTBFS currently
  Current upload in Ubuntu blocked due to missing BD (python3-intervals). Checking the source this is a build time only requirement and the package is in the NEW queue for archive-admin review.
- does have a test suite that runs at build time
- test suite fails will fail the build upon error.
  No - package tests are run as autopkgtest due to the requirement for MySQL and PostgreSQL databases for testing.
- does have a test suite that runs as autopkgtest
  Yes - the latest upload has autopkgtests.
- The package has a team bug subscriber ubuntu-openstack
- no translation present, but none needed for this case.
- no new python2 dependency
- Python package that is using dh_python

[Packaging red flags]
OK:
- Ubuntu does carry a delta, but it is reasonable and maintenance under control
  Recent delta to add autopkgtests - this should be submitted back to Debian for consideration for inclusion by the Debian package maintainer.
- symbols tracking not applicable for this kind of code.
- d/watch is present and looks ok
- Upstream update history is good
- Debian/Ubuntu update history is good
- the current release is packaged
  No - it's a couple of point releases behind (0.36.8)
  This is not a blocker for main inclusion as Ubuntu is the same major version.
- promoting this does not seem to cause issues for MOTUs that so far maintained the package
- no massive Lintian warnings
- d/rules is rather clean
- not using Built-Using

Recommendations:
Update to latest point release (0.36.8)
Submit packaging changes back to Debian.

[Upstream red flags]
OK:
- no Errors/warnings during the build
- no incautious use of malloc/sprintf (as far as I can check it)
- no use of sudo, gksu, pkexec, or LD_LIBRARY_PATH
- no use of user nobody
- no use of setuid
- no important open bugs (crashers, etc) in Debian or Ubuntu
- no dependency on webkit, qtwebkit, seed or libgoa-*
- no embedded source copies
- not part of the UI for extra checks