[MIR] libfreeaptx
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libfreeaptx (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
[Availability]
The package libfreeaptx is already in Ubuntu universe.
The package libfreeaptx build for the architectures it is designed to work on.
It currently builds and works for architetcures: amd64 arm64 armhf ppc64el riscv64 s390x
Link to package https:/
[Rationale]
- The package libfreeaptx is required in Ubuntu main for pipewire to provide better bluetooth audio codecs
https:/
- The package libfreeaptx is required in Ubuntu main no later than aug 25 due to feature freeze
[Security]
- No CVEs/security issues in this software in the past
- no `suid` or `sgid` binaries
- no executables in `/sbin` and `/usr/sbin`
- Package does not install services, timers or recurring jobs
- Packages does not open privileged ports (ports < 1024)
- Packages does not contain extensions to security-sensitive software
[Quality assurance - function/usage]
- The package works well right after install
[Quality assurance - maintenance]
- The package is maintained well in Debian/Ubuntu and has no report
- Ubuntu https:/
- Debian https:/
- The package does not deal with exotic hardware we cannot support
[Quality assurance - testing]
- The package does not run a test at build time because the upstream project doesn't include tests.
- The package does not run an autopkgtest because upstream doesn't provide tests, audio codecs would also no be something easily testable in autopkgtest.
The package will manually tested by connecting an headset and verifying that the high quality profile is available for the device in the settings. The quality will be confirmed by joining a video call or doing a local recording to be replayed.
[Quality assurance - packaging]
- debian/watch is present and works
The lintian warnings are about the manpage which hasn't been upstreamed
# lintian --pedantic
P: libfreeaptx source: maintainer-
P: libfreeaptx source: maintainer-
- Lintian overrides are not present
- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies
- The package will be installed by default, but does not ask debconf questions
- Packaging and build is easy, link to d/rules https:/
[UI standards]
- Application is not end-user facing (does not need translation)
[Dependencies]
- No further depends or recommends dependencies that are not yet in main
[Standards compliance]
- This package correctly follows FHS and Debian Policy
[Maintenance/Owner]
- Owning Team will be desktop-packages
- Team is not yet, but will subscribe to the package before promotion
- This does not use static builds
- This does not use vendored code
- The package successfully built during the most recent test rebuild
[Background information]
The Package description explains the package well
Upstream Name is libfreeaptx
Link to upstream project https:/
Changed in libfreeaptx (Ubuntu): | |
assignee: | nobody → Ioanna Alifieraki (joalif) |
description: | updated |
Review for Package: libfreeaptx
[Summary]
libfreeaptx is a small library and is Open Source implementation of Audio Processing Technology codec (aptX)
derived from ffmpeg 4.0 project and licensed under LGPLv2.1+. This codec is mainly used in Bluetooth A2DP profile.
It provides dynamic linked shared library libfreeaptx.so and simple command line utilities for encoding and decoding operations.
libfreeaptx is based on version 0.2.0 of libopenaptx with the intent of continuing under a free license without the additional
license restriction added to libopenaptx 0.2.1.
Binary packages from source package :
libfreeaptx-dev: provides development files
freeaptx-utils: provides utilities for encoding and decoding (freeaptxenc, freeaptxdec)
libfreeaptx0: provides the shared library
MIR team ACK.
This does need a security review, so I'll assign ubuntu-security.
List of specific binary packages to be promoted to main: libfreeaptx0, freeaptx-utils, libfreeaptx-dev
Notes:
Recommended TODOs:
- The package should get a team bug subscriber before being promoted
- Although it is explained why there are no tests in the package and the team
commits to manually test it, it would still be nice to have some tests either
at build time or autopackage if possible (this is only recommended).
[Duplication]
There is no other package in main providing the same functionality.
[Dependencies]
OK:
- no other Dependencies to MIR due to this
- checked with check-mir
- not listed in seeded-in-ubuntu
- none of the (potentially auto-generated) dependencies (Depends
and Recommends) that are present after build are not in main
- no -dev/-debug/-doc packages that need exclusion
- No dependencies in main that are only superficially tested requiring
more tests now.
Problems: None
[Embedded sources and static linking]
OK:
- no embedded source present
- no static linking
- does not have odd Built-Using entries
- not a go package, no extra constraints to consider in that regard
- No vendoring used, all Built-Using are in main
Problems: None
[Security]
OK:
- history of CVEs does not look concerning
- does not run a daemon as root
- does not use webkit1,2
- does not use lib*v8 directly
- does not open a port/socket
- does not process arbitrary web content
- does not use centralized online accounts
- does not integrate arbitrary javascript into the desktop
- does not deal with system authentication (eg, pam), etc)
- does not deal with security attestation (secure boot, tpm, signatures)
Problems:
- does parse data formats
[Common blockers]
OK:
- does not FTBFS currently
- the package does not provide any tests at all. The subscribed team commits to manually
test the package as described in bug description (section [Quality assurance - testing])
- no new python2 dependency
Problems: None
[Packaging red flags]
OK:
- Ubuntu does not carry a delta
- symbols tracking is in place
- d/watch is present and looks ok (if needed, e.g. non-native)
- Upstream update history is sporadic
- Debian/Ubuntu update history is sporadic
- the current release is packaged
- promoting this does not seem to cause issues for MOTUs that so far
maintained the package
- no massiv...