Re: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?

To: Matthias Klose <doko@debian.org>, 794774@bugs.debian.org
Cc: debian-gcc@lists.debian.org, Dimitri John Ledkov <xnox@debian.org>
Subject: Re: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
From: jnqnfe <jnqnfe@gmail.com>
Date: Sat, 08 Aug 2015 01:01:26 +0100
Message-id: <[🔎] 1438992086.2506.36.camel@gmail.com>
In-reply-to: <[🔎] 55C53296.5010803@debian.org>
References: <[🔎] 1438974686.2506.7.camel@gmail.com> <[🔎] 55C53296.5010803@debian.org>

Further searching has indeed suggested that boost 1.55 is still broken
and will remain so (e.g. the bug #793222 discussion), and thus I can
see that 1.57/1.58 is needed as you say. In fact 1.58 is available and
it's actually just a couple of libreoffice dependencies specifically
targeting 1.55 that are causing the hold up in upgrade installation
currently (at least here on my systems).

It is indeed unfortunate that packages for the gcc5 transition were
pushed to unstable before libreoffice was made ready for it, and worse
that this has resulted in security implications for Sid users. I must
request that those responsible please tread more carefully in future
(no disrespect intended, and do I really appreciate the free time and
effort put into these projects).

While there may sadly be no specific commitment for keeping unstable
secure, it has been my impression that the record for pushing security
fixes there is pretty strong. I am sure that many Debian users run Sid
in order to have a much more up to date collection of application
packages than you get from stable (testing does not seem suitable for
normal use, since security updates are frequently delayed due to
unstable->testing transitions). It would be very much appreciated if
devs/maintainers would please keep this in mind in order to not cause
problems like this for such users.

On Sat, 2015-08-08 at 00:35 +0200, Matthias Klose wrote:
> Control: severity -1 important
> 
> On 08/07/2015 09:11 PM, jnqnfe wrote:
> > Control: severity -1 critical
> > Control: tag -1 + security
> > 
> > This dependency issue is now blocking installation of security 
> > updates
> > on Sid (which many people use instead of stable, whether they 
> > should or
> > not), specifically the emergency patch to iceweasel (CVE-2015-4495) 
> > in
> > version 38.1.1esr-1.
> 
> this is unfortunate, however there never was and is any commitment of 
> unstable
> getting security fixes.  The issue is not fixed by any upload of 
> boost1.55 built
> with GCC 4.9, and it won't build with GCC 5.  An update to 1.57 or 
> 1.58 is
> required.  If you need to have such an update in testing, then you 
> should ask
> for an upload to testing.
> 
>

Reply to:

Follow-Ups:
- Re: Bug#794774: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
  - From: Dimitri John Ledkov <xnox@debian.org>

References:
- Re: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
  - From: jnqnfe <jnqnfe@gmail.com>
- Re: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
  - From: Matthias Klose <doko@debian.org>

Prev by Date: Bug#794774: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
Next by Date: Re: Bug#794774: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
Previous by thread: Bug#794774: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
Next by thread: Re: Bug#794774: libstdc++6: Breaks: libboost-date-time1.55.0, but isn't that package fixed now?
Index(es):
- Date
- Thread