
Re: RC bug status for perl packages (re '.' in @INC removal)



On 25/07/16 17:20, Dominic Hargreaves wrote:
> Hello,
> 
> As you will see from the below DSA, a class of vulnerabilities in
> perl programs has been announced today. We have fixed the worst parts of
> this in Debian, but ultimately we'd like to (in keeping with upstream's
> intentions for 5.26) remove the current directory from the module search
> path altogether.
> 
> At the moment, this would cause around 40 packages to FTBFS (that was
> the number of jessie - it will be a bit different for sid).

The advisory only mentions about a dozen packages. Is that estimate of ~40 accurate?

> In the near term, changing the default is a matter of uncommenting a line
> in a conffile (and can therefore be easily reverted by the user if needed).
> 
> I'd like to upload such a change to sid ASAP (probably just after the
> initial sid upload, due any minute now, migrates to testing). If the
> impact of that measured against sid/stretch is manageable, we'd also like
> to consider making the change by default in a future point release,
> although the number of packages that need updates may still be too large;
> we'd obviously discuss that with you in the normal way via a transition
> bug.
> 
> Are you happy for us to introduce such a change in sid later this week,
> and start filing RC bugs about problems in other packages caused by
> the change?

Are these problems too difficult to change? This should be fine, but if you can
give an approximate list of affected packages that would be appreciated.

Thanks,
Emilio

