[MIR] gaupol (translate-toolkit Recommends python-aeidon)

Bug #834442 reported by Matthias Klose
This bug affects 3 people
Affects                      Status     Importance  Assigned to  Milestone
translate-toolkit (Ubuntu)   Won't Fix  High        Unassigned   none
Oneiric                      Won't Fix  High        Unassigned   none

Bug Description

libreoffice pulls in translate-toolkit into main, but doesn't export translations anymore.

The b-d should be removed, or the following component mismatch (including further dependencies) should be addressed, and this report converted to a MIR.

Source and binary promotions to main
 ------------------------------------

 o gaupol: python-aeidon
   [Reverse-Recommends: translate-toolkit]

Matthias Klose (doko)
Changed in libreoffice (Ubuntu Oneiric):
assignee: nobody → Canonical Desktop Team (canonical-desktop-team)
importance: Undecided → High
milestone: none → ubuntu-11.10-beta-1
status: New → Confirmed
Martin Pitt (pitti)
Changed in libreoffice (Ubuntu Oneiric):
assignee: Canonical Desktop Team (canonical-desktop-team) → Björn Michaelsen (bjoern-michaelsen)
Martin Pitt (pitti)
Changed in libreoffice (Ubuntu):
milestone: ubuntu-11.10-beta-1 → ubuntu-11.10-beta-2
tags: added: rls-mgr-o-tracking
Brad Figg (brad-figg)
tags: removed: rls-mgr-o-tracking
Björn Michaelsen (bjoern-michaelsen) wrote :

translate-toolkit is still needed for po2sdf conversion in the build. Demoting the Recommends to a Suggests is the way to go.

Brad Figg (brad-figg)
tags: added: rls-mgr-o-tracking
Björn Michaelsen (bjoern-michaelsen) wrote : Re: [MIR] translate-toolkit

Created translate-toolkit-1.9.0-1ubuntu1 demoting python-aeidon from Recommends to Suggests.

MIR rationale: needed for LibreOffice as a build dependency, and is used by LibreOffice upstream.

summary: - libreoffice pulls in translate-toolkit into main, but doesn't export
- translations anymore
+ [MIR] translate-toolkit
Changed in libreoffice (Ubuntu Oneiric):
assignee: Björn Michaelsen (bjoern-michaelsen) → nobody
Michael Terry (mterry)
affects: libreoffice (Ubuntu Oneiric) → translate-toolkit (Ubuntu Oneiric)
Changed in translate-toolkit (Ubuntu Oneiric):
assignee: nobody → Michael Terry (mterry)
milestone: ubuntu-11.10-beta-2 → none
milestone: none → ubuntu-11.10-beta-2
Michael Terry (mterry) wrote :

Approved from a MIR/maintaining perspective. Assigning to ubuntu-security just for a quick check on tmserver, which seems like a potential concern, though there are no CVEs I could find and it doesn't seem to be automatically run.

Changed in translate-toolkit (Ubuntu Oneiric):
assignee: Michael Terry (mterry) → Ubuntu Security Team (ubuntu-security)
Changed in translate-toolkit (Ubuntu Oneiric):
assignee: Ubuntu Security Team (ubuntu-security) → Jamie Strandboge (jdstrand)
status: Confirmed → In Progress
Dave Walker (davewalker)
Changed in translate-toolkit (Ubuntu):
milestone: ubuntu-11.10-beta-2 → ubuntu-11.10
Jamie Strandboge (jdstrand) wrote :

Security review for tmserver:
translate/services/tmserver.py uses a translate/misc/tmdb object and exposes it via a REST API. This API is defined in __init__() in tmserver.py, and exposes GET, POST, PUT and DELETE. Several of the defined methods are noops and marked as TODO. The API is simple, and arguments are sanitized. tmserver is resistant to SQL injection via its correct use of the python Cursor object and DB-API parameter substitution via tmdb.py. It also appears to be using the logging module correctly in misc/wsgi.py.

Beyond the coding of tmserver.py, there are a few issues:
- tmserver.py does not support SSL, so server and client interactions can be MITMd
- there is no authentication built into tmserver.py
- the way misc/wsgi.py is coded, it will try the following in order: cherrypy, werkzeug, django and finally wsgiref (part of python). Upstream doesn't appear too thrilled with wsgiref because "it doesn't support concurrency at all". I think the way that wsgi.py is coded makes maintenance difficult, as people may use different backends which may have different behaviors.

The MITM does not seem to be an issue for client-to-server communications, as the server is coded defensively (but obviously faulty data could be inserted into its sqlite database). Server-to-client communications could be problematic depending on what the client is doing and whether or not it trusts the server. The rdepends of translate-toolkit are virtaal, pootle, and lokalize (all in universe). As pootle is a "Web-based translation and translation management tool", it may have tmserver support, but I did not check it. I don't think this is a blocker in general, as translate-toolkit does not ship an initscript for tmserver.py, it is not running after install and the manpage gives an example that uses an unprivileged port.

All that said, since libreoffice needs this, but it does not explicitly need tmserver, it would be preferred if tmserver was split out into its own package and put in universe, or not shipped at all. Since this is extremely late in the Oneiric cycle, I do not hold out much hope for this....
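
A worked illustration of the SQL-injection point in the review above, added here as an example; it is not translate-toolkit's tmdb.py or tmserver.py code. It builds a constructed sqlite3 translation-memory table and queries it twice, once with untrusted input spliced into the SQL text with string formatting, and once with DB-API qmark parameter substitution as the review credits tmdb.py with using. The table name, columns, sample rows and the payload string are all assumptions made for the demonstration.

```python
"""String formatting vs DB-API parameter substitution in a sqlite3 lookup.

Constructed stand-in for a translation-memory table. This is NOT the schema
or code of translate-toolkit's tmdb.py; it only demonstrates the pattern.
"""
import sqlite3

# Constructed sample translation units (source, target, target language).
SAMPLE_UNITS = [
    ("Open file", "Fichier ouvert", "fr"),
    ("Save", "Enregistrer", "fr"),
    ("Open file", "Datei oeffnen", "de"),
]


def build_db():
    """Create an in-memory database holding the constructed sample units."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE units (source TEXT, target TEXT, lang TEXT)")
    # executemany with placeholders is itself the safe pattern for inserts.
    conn.executemany("INSERT INTO units VALUES (?, ?, ?)", SAMPLE_UNITS)
    conn.commit()
    return conn


def lookup_unsafe(conn, source, lang):
    """Vulnerable: request data is interpolated into the SQL statement text.

    A quote in `source` terminates the literal and the remainder is parsed
    as SQL, so a caller can widen or rewrite the WHERE clause.
    """
    sql = ("SELECT target FROM units WHERE source = '%s' AND lang = '%s' "
           "ORDER BY rowid" % (source, lang))
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, source, lang):
    """Hardened: qmark placeholders; sqlite3 binds the values as data.

    The statement text is constant, so a quote in `source` is just a
    character inside the bound string and cannot change the query shape.
    """
    cur = conn.cursor()
    cur.execute(
        "SELECT target FROM units WHERE source = ? AND lang = ? ORDER BY rowid",
        (source, lang),
    )
    return [row[0] for row in cur.fetchall()]


def demo():
    """Run both lookups against the same payload and return the results.

    With the constructed payload the unsafe query becomes
        ... WHERE source = 'x' OR '1'='1' AND lang = 'fr' ...
    which, because AND binds tighter than OR, returns every 'fr' row.
    """
    conn = build_db()
    payload = "x' OR '1'='1"  # constructed injection string
    return {
        "unsafe": lookup_unsafe(conn, payload, "fr"),
        "safe": lookup_safe(conn, payload, "fr"),
        "normal": lookup_safe(conn, "Open file", "fr"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print("%-6s -> %r" % (name, rows))
```

The same input yields two "fr" rows from the formatted query and none from the parameterized one; the legitimate lookup still works through the parameterized path. Note that placeholders protect values only; table and column names still have to come from a fixed allowlist if they are ever caller-controlled.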

Changed in translate-toolkit (Ubuntu Oneiric):
assignee: Jamie Strandboge (jdstrand) → nobody
status: In Progress → Confirmed
Jamie Strandboge (jdstrand) wrote :

Per discussion on IRC (thanks slangasek!), translate-toolkit does not need the MIR review as it has been in main forever. gaupol needed the review (for translate-toolkit's Recommends on python-aeidon), but translate-toolkit was already adjusted for python-aeidon to Suggests. As such, this bug can now be closed.

summary: - [MIR] translate-toolkit
+ [MIR] gaupol (translate-toolkit Recommends python-aeidon)
Changed in translate-toolkit (Ubuntu Oneiric):
status: Confirmed → Won't Fix
Changed in translate-toolkit (Ubuntu):
milestone: ubuntu-11.10 → none
status: Confirmed → Won't Fix