[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Preparation of the next stable Debian GNU/Linux update (I)

I posted this to debian-release yesterday, but have received no replies.
I would like to know if it is possible to get httperf back into Sarge
(for the reasons stated below), or if I should simply not worry about


On Fri, Jul 08, 2005 at 09:18:16AM +0200, Martin Schulze wrote:
> The requirements for packages to get updated in stable are:
>  1. The package fixes a security problem.  An advisory by our own
>     Security Team is required.  Updates need to be approved by the
>     Security Team.
>  2. The package fixes a critical bug which can lead into data loss,
>     data corruption, or an overly broken system, or the package is
>     broken or not usable (anymore).
>  3. The stable version of the package is not installable at all due to
>     broken or unmet dependencies or broken installation scripts.
>  4. All released architectures have to be in sync.
>  5. The package gets all released architectures back in sync.
> It is (or (and (or 1 2 3) 4) 5)

I am adopting the httperf package.  It was in Woody and was removed from
Sarge/Sid because of licensing issues with linking to OpenSSL.  The
issue has been resolved [0] by the current upstream maintainer.   Since
the package was in Woody and not in Sarge [1], there is the potential
for someone to have had it installed prior to upgrading and now have it
still installed.  This could be a problem since if the package is only
allowed back into Sid/Etch, then Sarge users with the "obsolete" httperf
would not receive any future security updates (if they become necessary)
for the package.  Is this sufficient justification to have the package
added back in to Sarge?

Here is a summary of the changes from the Woody version:

* Move from non-US to main
* Recompile against libssl0.9.7
* Update license and copyright file.
* Corrected some minor lintian warnings against the man page.
* Added a watch file.

The last two changes can be backed out if it is necessary to get the
package into Sarge.  If this is sufficient, I can have a new package
done and uploaded (by my sponsor) by tomorrow.

Comments would be appreciated.


[0] http://lists.debian.org/debian-legal/2005/07/msg00040.html
[1] http://packages.debian.org/httperf

Roberto C. Sanchez

Attachment: pgps3Csadro0g.pgp
Description: PGP signature

Reply to: