Re: Bug#864745: Update on base.pm jessie point release

To: Cyril Brulebois <kibi@debian.org>
Cc: 864745@bugs.debian.org, perl@packages.debian.org, debian-perl@lists.debian.org
Subject: Re: Bug#864745: Update on base.pm jessie point release
From: Dominic Hargreaves <dom@earth.li>
Date: Thu, 6 Jul 2017 19:37:29 +0100
Message-id: <[🔎] 20170706183729.hhcncuximbsif3kr@urchin.earth.li>
In-reply-to: <20170705054639.GI6174@mraw.org>
References: <20170704161450.u5ayozm4el6zngb6@urchin.earth.li> <20170705054639.GI6174@mraw.org>

+ debian-perl as it possible affects how we deal with FTBFS module
packages.

On Wed, Jul 05, 2017 at 07:46:39AM +0200, Cyril Brulebois wrote:
> Hi Dominic,
> 
> Dominic Hargreaves <dom@earth.li> (2017-07-04):
> > 1) this commit is identical to those now in upstream release candidates.
> > 2) This has now been filed as #867164 (sorry that this was missing before)
> 
> Thanks for the update, much appreciated.
> 
> I have to say that giving you a green light to update perl in stable with this
> kind of fix makes me a little nervous, sorry. :(

Okay, it would be useful to know in a bit more detail why you think this,
as it doesn't seem any different from other similar fixes to perl we
have requested in the past (and we've learnt our lesson from lack of
mass rebuild testing where that was an issue previously)

But anyway, there are two options:

1) proceed with the update as proposed. This should be fairly low risk
since we have test-rebuilt all packages build-depending on perl and found
no regressions, and the problem it is fixing only affected a handful
of unusual cases. Given the lack of bug reports, I assume the imperfect
base.pm change hasn't actually affected anyone in the real world, but of
course that might be a rash assumption.

2) work around the problem by patching away the issue like we have
for stretch in the half dozen or so affected packages. This would leave
jessie's perl in a slightly awkward state in carrying around for the
rest of its days a patch that was rejected by upstream in favour
of another one. But in practice it may not make all that difference.
And probably the risk in doing this is slightly less in not touching a
core package, though it is a bit more work.

Overall I'm in favour of 1) but happy to defer to you. Does anyone
else in pkg-perl have an opinion on this?

> > 3) this particular bug doesn't strictly apply to stretch/sid, but we plan
> >    to fix it in sid at least for consistency and to fix the minor remaining
> >    security bug (see #867170)
> 
> I'm not sure how we feel about similar-yet-kind-of-different bugs in
> other suites (as in: not sure whether fixing those would be considered
> a hard requirement before an update in (old)stable).

Even if you reject the patch for jessie, I hope you will consider it
in stretch, as there is actually fixes a minor security issue (in due
course it will end up in a new upstream point release, and it's quite
likely we'll want a wholesale upgrade to that anyway).

Indeed, if that would also make you uncomfortable we should discuss
that in more detail...

I will aim to get the s-p-u bug for that filed soon.

Thanks,
Dominic.

Reply to:

Follow-Ups:
- Re: Bug#864745: Update on base.pm jessie point release
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Bug#867104: wanna-build issue with src:perl versioned Provides
Next by Date: Re: Bug#864745: Update on base.pm jessie point release
Previous by thread: Bug#867104: wanna-build issue with src:perl versioned Provides
Next by thread: Re: Bug#864745: Update on base.pm jessie point release
Index(es):
- Date
- Thread