[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#674006: libwvstreams4.6-base 4.6.1-4 ----- wvdial stopped working

The purpose of this email is to set forth the reasons for raising the severity of this bug
and describe my intentions.

1) I intend to increase the severity to release critical.

The Debian document regarding severity states:

makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package.

I encountered this bug when a fellow Debian user did a "apt-get dist-upgrade" from squeeze to wheezy.
(The machine has had dist-upgrades going back as far as etch)
That machine has internet access only through a 3G modem at the site it is located.
After the apt-get dist-upgade the machine was restarted and failed to connect to the internet.
This made the machine completely unusable for the purposes of network access.
Since no other forms of network access are available at that site the machine would not have been
able to receive security updates either.
The machine was transported to a wired network site [my place :-) ] to allow downgrading of this package
from snapshots since this bug completely prevents network access if wvdial is used as
the only 3G dialer.
Subsequently network-manager has been installed on this machine to provide additional 3G modem dialer support.
(Network-manager did not provide a dialer when 3G access was originally installed on this machine).

I believe these facts constitute that this bug made unrelated software (browser, ssh , mail etc.)
broken. Since the only network access was via this package - the completely unavailable
network seriously compromised this machine. If left it in this state it would also have led to
security holes accumulating.

On reading of Debian guidelines I conclude this constituted a release critical bug for this machine.

2) Subject to my ability to gain access to hardware which I do not own, I intend to test the fedora patch
and make it available on BTS followed by preparing for a NMU to be made available on Debian QA mailing list.
The package has been abandoned upstream (homepage links are now non-existent).
It is also orphaned in Debian. My intention is only to prevent users upgrading to wheezy getting a "surprise".
I urge other users reading this to move to network-manager if possible before a dist-upgrade
since network-manager appears better supported.

I apologize for my intention not to assist in subsequent maintaining of this package after working on this bug.
My decision is significantly influenced by the pejorative comments made about this software by one
of the original authors at the following URL:- http://apenwarr.ca/log/?m=200912

with best regards,

Reply to: