[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fasttree: hard-coded limit on branch length precision leads to erroneous results



>>>>> "C" == Charles Plessy <plessy@debian.org> writes:

Hi Charles,

    C> Le Thu, Mar 26, 2015 at 05:15:36PM +0100, Andreas Tille a écrit :
    >> On Thu, Mar 26, 2015 at 05:14:24PM +0100, Andreas Tille wrote:
    >> > > The above article describes the patch needed to prevent the
    >> > > flaw. Upstream incorporated the fix in version 2.1.8. In my
    >> > > opinion this bug is release critical and should be fixed
    >> > > before the release of jessie.
    >> >
    >> > Please file an RC bug!
    >>
    >> I'll tag #781259 as serious.

    C> to get the fix in Jessie at this point of the Freeze, it has to
    C> be limited the strict necessary changes.

    C> I recommend to temporarly revert the following commits:

    C> ---------------------------------------------------------------------------
    C> commit 5788cecbb05a4394c3fed722c47bdba5c20432ef Author:
    C> tbooth-guest <tbooth-guest@debian.org> Date: Tue Feb 25 13:43:34
    C> 2014 +0000

    C>     Fixed package not cleaning 100% after build.
    
this is a perfect example why it's so important to tag package
releases. Unfortunately, fasttree doesn't have any so far. So for
someone unfamiliar with the package history, it's
guesswork or tedious detective research to find out what went into a
release version of the package. Good job fasttree is a tiny package
making things easier. Looking at the date of the last commit in
fasttree, I assumed it must have been included in the jessie version.
On the other hand, the biolinux1 in the version number should have made
me more suspicious ... :)

    C>     I also think the upstream changelog belongs in the package,
    C>     according to policy, so I added it.  But maybe I'm mistaken?
    
    
    
    C>     git-svn-id:
    C>     svn://svn.debian.org/debian-med/trunk/packages/fasttree/trunk@16316
    C>     d8681a01-af0d-0410-a158-b4166a59cfaa

    C> commit dcef62b4c80a2c43b3c17af428e977b6535c3dc3 Author: jamessan
    C> <jamessan@debian.org> Date: Sun Feb 23 04:46:19 2014 +0000

    C>     Move debian/upstream to debian/upstream/metadata
    
    C>     git-svn-id:
    C>     svn://svn.debian.org/debian-med/trunk/packages/fasttree/trunk@16250
    C>     d8681a01-af0d-0410-a158-b4166a59cfaa
    C> ---------------------------------------------------------------------------

    C> I think that the commits about VCS URL and maintainer are
    C> acceptable, but if the release team prefers the package without,
    C> the best will be to revert the commit on VCS URLs

The change of the VCS URLs was in a commit that is not part of the tag 2.1.7-2.

    C> and upload the changes as a "Team Upload", without change of
    C> maintainers (this can be done when uploading version 2.1.8 after
    C> the release).

You guys know best what to do in such cases. Just go ahead with whatever
you think is right.

    C> In any case, many thanks for spotting this and preparing a
    C> correction so quickly !

It was a simple fix and given the findings described in the blog post
pretty important.

    C> Do you think it would be possible to backport the change for
    C> Wheezy as well ?

I guess so. We have already built the package for Qlustar/Wheezy, so no
principal problem. We'd have to rebuild it with a different version
number suitable for the backports repo, but that's done in no time.
Just a question how the upload process to the official backport repo
works. I'm not familiar with that.

-- 
Roland

-------
http://www.q-leap.com / http://qlustar.com
          --- HPC / Storage / Cloud Linux Cluster OS ---


Reply to: