Bug#555361: hplip: Embedded code copy of python-pexpect
On Tue 11 Jan 2022 at 08:07:35 +0800, Paul Wise wrote:
> Control: reopen -1
> Control: found -1 3.21.8+dfsg0-2
>
> On Mon, 2022-01-10 at 20:54 +0000, Brian Potkin wrote:
>
> > Use of our limited, volunteer supported resources is best served by not
> > keeping open inactive bugs any longer than desirable, especially in
> > cases where the package concerned is older than the current stable
> > Debian version and upstream support has been limited. Consequently, the
> > report is now being closed.
>
> This is not very respectful of our users and social contract.
>
> Users should be given the opportunity to reproduce old bugs before they
> are summarily closed without any attempt at reproducing them. Old bugs
> are extremely likely to still be present, them being open usually means
> no-one bothered to look at and fix them, at least in my experience.
>
> The social contract states that we should not hide bugs. Closing old
> bugs without attempting to verify if they are fixed or giving users the
> opportunity to do so is definitely hiding bugs.
>
> https://www.debian.org/social_contract
>
> When the bug is trivial to verify if it is still present or not,
> you should at very least run the two commands needed to do that:
>
> $ chronic apt source hplip
> $ find -iwholename '*expect*'
> ./hplip-3.21.8+dfsg0/base/pexpect
> ./hplip-3.21.8+dfsg0/base/pexpect/__init__.py
>
> Please also notify the security team of the embedded copy:
>
> https://wiki.debian.org/EmbeddedCopies
Thank you for reopening the report. The security team appears to be
aware of the embedded copy.
https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/embedded-code-copies
Regards,
Brian.
Reply to: