Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED

To: Michael Tautschnig <mt@debian.org>, Gabriele Giacone <1o5g4r8o@gmail.com>, Florian Weimer <fw@deneb.enyo.de>, security@debian.org, Debian Security <debian-security@lists.debian.org>, Torsten Werner <twerner@debian.org>, Alexander Reichle-Schmehl <tolimar@debian.org>, Debian Java <debian-java@lists.debian.org>, Michael Koch <konqueror@gmx.de>
Subject: Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 9 Apr 2010 00:02:21 +0200
Message-id: <[🔎] 20100408220221.GC3131@galadriel.inutil.org>
In-reply-to: <[🔎] 20100405105239.GB9805@l04.thnet>
References: <4BA1DE7B.20404@debian.org> <82b06fd61003180322i5a9cec6q714358f43461d5e@mail.gmail.com> <4BA22E19.2090107@debian.org> <82b06fd61003180719x158afd6ej38d80d1a2645888c@mail.gmail.com> <20100318142739.GA32085@laptop165.dbai.tuwien.ac.at> <4BB3CD1C.8000005@gmail.com> <87hbns1ipr.fsf@mid.deneb.enyo.de> <20100403214319.GF6368@l04.thnet> <[🔎] 4BB8F651.2040902@gmail.com> <[🔎] 20100405105239.GB9805@l04.thnet>

On Mon, Apr 05, 2010 at 12:52:39PM +0200, Michael Tautschnig wrote:
> [...]
> 
> > 
> > I would proceed in this way:
> > bsh: add bsh-src binary creation
> > jedit:
> > - remove Debian bsh sources (added to the rejected package [2])
> > - add bsh-src as builddep
> 
> I think if you do a versioned builddep (exact version) then at the very latest
> an archive rebuild will ensure that jedit gets fixed after a security upload.
> Unless, of course, the security team does rdep checks anyway.
> 
> > - apply jedit patch and build against patched bsh.
> > - switch to "public" package like bsh so if someone wanted to
> > write a reflection/AOP patch, it would easily be done without asking.
> > 
> > Would it be rejected again?
> > 
> 
> That now seems to be the security team's decision.

bsh code copies don't strike me as a security-relevant overhead,
personally I don't have any objections.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED
  - From: Alexander Reichle-Schmehl <tolimar@debian.org>

References:
- Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED
  - From: Gabriele Giacone <1o5g4r8o@gmail.com>
- Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED
  - From: Michael Tautschnig <mt@debian.org>

Prev by Date: Re: RFS: libstruts1.2-java version 1.2.9-4
Next by Date: Request For Mentor/Sponsor: libgstreamerjava
Previous by thread: Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED
Next by thread: Re: jedit_4.3.1+dfsg-1_amd64.changes REJECTED
Index(es):
- Date
- Thread