Hi,
Eric Valette wrote:
> Rene Engelhard wrote:
>
> >We were starting to compose a "we-need-help" page on OOo Con....
>
> OK. This always surprises me that the number of developper/maintainer do
> not reflect the importance of the packages in term of basic computer
> usage (mozilla, openoffice, ppp, ...),
>
> >They worked. And we were in a hurry since that security problem had
> >to be fixed.
>
> Well frankly, the security problem has probably been fixed upstream or
> in other distro. If you use the security problem to rize the urgency to
yes. in 1.1.3 it will be fixed upstream.
We took the patch (and *only this patch* extracted from upstream CVS
_verbatim_.
The security fix isn't related to the printing stuff - it just happens
they were in the same upload.
You don't seriously consider we don't fix the security problem in our
packages?
And what do you want to say with "in an other distro"? We still have to
fix the security problem for us and they take the same patch from
upstream CVS...
> upload a package and in the mean time push other unrelated and untested
> changes that's how you miss the deadlines...
These were RC bug fixes wrt printing....
> >But you could use the buttons to use the basic formatting. Yes, that the
> >character stuff segfaults is bad, but you can use OOo Impress. Not as
> >complete as you probably want but you can use it => usable. That it is
> >buggy is some other part of the story but it is *not* unusable.
>
> Impress with no colors on any characters usable? You are probably joking!
>
> So my advice would be :
> 1) Remove the changes from 1.1.2-3 -> 1.1.2-4
Probably - the security fix has and will stay.
> 2) Pick up the security fix from elsewhere (upstream probably) or
> other distro and apply it,
err? The security fix isn't related to any impress or visual code...
And it just changes other stuff (temporary file permissions)
Furthermore, see above.
> 3) rebuild and test on testing and sid/unstable. If it still breaks,
> it means an unrelated chnage (compiler, librairies, ...),
> 4) if it works reload 1.1.2-5 ASAP...
It would be very nice if you wouldn't tell us things we already do know
and I already am going to do but actually help us.. But anyway..
> Then start thinking about the printing problem. As you know 1.1.3-rc is
> already there...
The printing problem won't be fixed in 1.1.3 since it is no problem
there.
The problem will be/is in 2.0 probably.
We backported the native CUPS (dlopen()ing cups if it finds libcups and using it
instead the broken sp-/oopadmin mechanism...) to our packages...
Please think, get informed and please read the changelog. There you see
that those stuff is distinct and the security fix isn't related to the
other stuff etc.
And I am not sure whether we will have 1.1.3 in sarge - new languages,
native widgets support, finally a -dev package, new architecture etc.
Big changes and it will have to go through NEW etc.
Grüße/Regards,
René
--
.''`. René Engelhard -- Debian GNU/Linux Developer
: :' : http://www.debian.org | http://people.debian.org/~rene/
`. `' rene@debian.org | GnuPG-Key ID: 248AEB73
`- Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859 90B0 248A EB73
Attachment:
signature.asc
Description: Digital signature