Comment 1 for bug 961389

* Not in Debian, no LP bugs. While the package is only in Ubuntu, it is supported by the server team and with upstream employed by Canonical
* No CVE history
* build dependencies and runtime dependencies are in main
* lintian clean
* has a test suite, but it is not enabled in the build. Details of how to use it are in the README file. It might be appropriate to add the files needed to download-cache/dist to the Ubuntu packaging (or add Build-Deps and then put things in there), but this might not be feasible.
* ships an upstart job, but it is not configured on install 'init: txlongpoll main process ended, respawning'. Running the exec command results in yaml not being importable. This is due to a missing Depends on python-yaml
* once python-yaml is installed, the upstart job starts a root running daemon that listens on all interfaces and is reachable over the network. This is not ideal and it is not clear why this is needed at all.
* packaging otherwise looks ok
* code is clean and easy to understand.

Please add a bug subscriber and adjust the packaging to Depends on python-yaml. I would suggest not shipping the upstart job at all, but if you must have a daemon running over the network, please run as a non-root user and consider binding only to the localhost. ACK if upstart job is removed or daemon runs as non-root. Marking as 'In Progress' for now.