Bug#704468: unblock: nova/2012.1.1-16 (upstream fix for vncproxy after the last security fix broke it)
On 04/01/2013 11:24 PM, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
>
> On Mon, 2013-04-01 at 23:08 +0800, Thomas Goirand wrote:
>> The security fix "Nova DoS by allocating all Fixed IPs" broke the
>> vncproxy feature of Nova. Version 2012.1.1-16 correct this.
>
> You downgraded the relevant bug (#703242) from grave to "only" important
> a few days ago. Could you clarify what you consider the severity of this
> issue to be?
I'm not really sure. The bug for the vnc proxy package itself really is:
"grave: makes the package in question unusable by most or all users"
(since the daemon crashes because of this bug).
Though this really is "only" a problem with this particular binary
package, not for the whole of Nova itself, which continues to be usable.
If we consider Nova as a whole, then it would be:
"important: a bug which has a major effect on the usability of a
package, without rendering it completely unusable to everyone."
So depending if the bug severity applies to the binary package
nova-xvpvncproxy, or to all of Nova, it could be considered either Grave
or Important.
I downgraded this bug because I thought it didn't deserve a huge
highlight at this point of the release, and I thought it was a bad idea
to have it as RC at this point in time. In other words: I didn't #704468
was a reason good enough to delay Wheezy, and have others focus on it
when I knew that upstream was working on validating the patch, even
though a fix would have been nice.
I hope you will find my reasoning correct.
> fwiw:
>
> + * Fixes the DNS in the case of PGSQL: now it really is postgresql:// and not
> + qgsql://.
>
> s/qg/pg/
Right. And also: s/DNS/DSN/. Sorry for these. I have fixed this
changelog entry in the Git repository on Alioth, so it will be fixed
if/when there is the need for a QA upload on this package.
Cheers,
Thomas
Reply to: