[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Ubuntu dpkg

On Fri, Mar 12, 2010 at 05:30:33AM +0100, Guillem Jover wrote:
> You might also want to cherry-pick these, which fix some minor security
> related bugs, althought the Debian security team didn't consider them
> worth a DSA (some are really corner cases):
>   4c9d2d0eeed8b077a19da5bac5f2e8183e27e850
>   ffccc65580189420a0a64736bba0fb661de56dcb
>   7738fe5398d6610723c3def2ddc50eea1a73c327
> And the database dir sync patches (there are some missing patches from
> the series, but they should not be needed for the final one, although
> I've not actually checked the convination, only split them so that
> they could be ignored):
>   a35f0e37a46b2e3721149a25c36f3352c1cdf881
>   15daa22fa94d19cc059d2755e5164db1a3a62791
>   ab9482eb45e27a0b0c058a2662b28b7d3642173d
>   20fdb395cc721a5060c5623eda956d73ea840a21

Thanks, I'll have a look.  I'm worried about the syncing changes though;
apparently they're *really* *really* pessimal on some systems, e.g. ext4
with data=ordered (which considers rename() as a barrier itself so the
fsync() isn't necessary in that configuration).  Scott James Remnant
reported that it took over an hour to unpack a linux-headers-* package!

I don't know what the right answer is here.  On the one hand, not
fsyncing kills reliability on some systems; on the other hand, fsyncing
kills performance on other systems.

> Or you could just wait for (or 1.15.7) to get into unstable,
> although Raphaël tells me you guys have already frozen dpkg? :/

We have - I wouldn't be inclined to merge at this point.

Colin Watson                                       [cjwatson@debian.org]

Reply to: