Availability: src:nghttp2 is in artful/universe and builds binary packages for all available architectures.
Rationale: In order to enable apache2's support for HTTP/2, libnghttp2-14 must be in main (libnghttp2-dev is added as a b-d for src:apache2, but it can remain in universe). The other binary packages produced by src:nghttp2 should remain in universe. While upstream Apache still describes mod_http2 as 'experimental' (https://httpd.apache.org/docs/2.4/mod/mod_http2.html), we presumably want to enable it by 18.04. It makes sense to process this MIR now so that we can work through issues with HTTP/2 support during the 17.10 cycle.
Rationale update: Upstream Apache has indicated 2.4.26 will 'unmark' mod_http2 has 'experimental': https://httpd.apache.org/docs/2.4/howto/http2.html#comments_section
Rationale update v2: The public page referred above already has removed the note and marked http2 as an "extension".
Quality assurance:
The only package needed at runtime to be in main is libnghttp2-14 (current ABI) itself. As this is only a library, there is no configuration required after installation.
No debconf questions are asked by default during the installation of libnghttp2-14.
There are no long-term outstanding bugs against libnghttp2.
Ubuntu bugs: https://bugs.launchpad.net/ubuntu/+source/nghttp2
- There is one automated (it seems) report of a security issue with the 16.04 version. I have not yet confirmed if it was/is present in the latest versions.
+ I received a forward offlist between the bug reporter and upstream developer. This particular issue is in example code which documents potential usage, but is not part of the shipped library itself.
Debian bugs: https://bugs.debian.org/cgi-bin/pkgreport.cgi?dist=unstable;src=nghttp2
- Two bugs, neither of which are serious.
Upstream issue tracker: https://github.com/nghttp2/nghttp2/issues
- There are currently 175 open issues for the upstream project.
- It is not yet clear how many of these issues are in the core library vs. the binary tools built by the upstream project.
The package seems to be well-maintained in Debian.
The package does not interact with exotic hardware (or hardware at all).
Based upon the latest build logs, some tests are run, but not all. I will investigate if all tests can be run during the build.
The package's debian/watch file is current.
UI standards: N/A, as the library is not a user-facing application.
Dependencies: The only binary dependency of libngttp2-14 is libc6 which is in main.
Standards compliance: The package meets the FHS and Debian Policy standards.
Maintenance: I have subscribed Ubuntu Server to the nghttp2 source package as the "owning" team.
Background information:
There are significant improvements associate with HTTP/2. It was deferred in 16.04 because it was considered 'too new' at the time. While Apache still describes the mod as 'experimental' it feels like 18.04 must ship the module in order to promote/support its adoption during the 5-year support cycle for that LTS release.
Status changed to 'Confirmed' because the bug affects multiple users.