[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: List of bugs that *must* be fixed before releasing Slink

All right, here's the revised list (removing anything that someone confirmed
as almost done.)

Quoting Michael Stone (mstone@cs.loyola.edu):
> > apache            32204  user directories allow symlinks to other files [0]  (Johnie Ingram <johnie@debian.org>)
> 
> There's a suggested fix in the bug report. Is it problematic?
> 
> > boot-floppies     32269  partion harddisk fails if WIN95_EXTENDED present [0]  (Enrique Zanardi <debian-boot@lists.debian.org>)
> 
> The report log is a little unclear. It looks like there is a version of cfdisk
> that works...are we just waiting for an upload?
> 
> > dpkg              17624  dpkg: installs regular dir when .deb contains symlink ! [364]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>)
> > dpkg              21182  dpkg: dpkg can go into an infinite loop with --force-configure-any [288]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>)
> > dpkg              28519  dpkg: dpkg creates circular symlinks [93]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>)
> > dpkg              30090  weirdass dpkg coredumps and xbase upgrade insanity [62]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>)
> > dpkg              30891  dpkg: Patch for update-alternatives to fix jdk problems [40]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>)
> > dpkg              32283  xbase postinst refers to nonexistent README.Debian [0]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>)
> 
> No one ever wants to touch dpkg...

> > dpkg-dev          31508  parsechangelog broken? [22]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>) 

This is supposed to have an attached fix.

> > dpkg              28817  dpkg takes no care over libdpkg [87]  (Ian Jackson and others <dpkg-maint@chiark.greenend.org.uk>)

Wichert argues whether this one's really release critical.

> > ftp.debian.org    31282  upgrade-1386 directory in Incoming [30]  (Guy Maor <ftpmaster@debian.org>)
> 
> ?
> 
> > general           28850  gettext: security problem when used in setuid programs [0]  (debian-devel@lists.debian.org)
> 
> What needs to be done here? 

This needs maintainers of setuid/root-run programs to check their stuff. Is
there a way for non-maintainers to help with this, or do we just hope it gets
done? Is there a way for maintainers to indicate they've already checked their
packages?

> > jdk1.1            32548  Java doesn't work at all for me on slink [0]  (Stephen Zander <gibreel@debian.org>)

Someone might be working on this?

> > lyx               32299  LyX Copyright problems [0]  (Stuart Lamble <lamble@yoyo.cc.monash.edu.au>)

There should be a new license waiting to be packaged.

> > nonus.debian.org  23780  nonus.debian.org: libssl-dev is obsolete [220]  (Heiko Schlittermann <heiko@datom.de>)
> > nonus.debian.org  26443  nonus.debian.org: apache-common_1.3.0+1.19 is obsolete [144]  (Heiko Schlittermann <heiko@datom.de>)
> > nonus.debian.org  29246  nonus.debian.org: remove fortify-unix-ppc_1.2.8-1.deb [79]  (Heiko Schlittermann <heiko@datom.de>)
> > nonus.debian.org  31326  Broken symlinks on nonus.debian.org [29]  (Heiko Schlittermann <heiko@datom.de>)
> > nonus.debian.org  32171  umet dependency for mutt-i [8]  (Heiko Schlittermann <heiko@datom.de>)

mutt-i just need to disappear, right? Or should we do another virtual package
to get mutt to install in its place?

> Will non-us ever be fixed?

All I've heard is agreement that this situation is non-optimal. 
(Or words to that effect :)

> > perl-suid         31904  [B.A.McCauley@BHAM.AC.UK: Secuity hole with perl (suidperl) and nosuid mounts on Linux] [13]  (Darren Stalder <torin@daft.com>)

This still needs a good solution.

> > smb2www           32131  smb2www: smb2www in slink incompatible with samba in slink [9]  (Craig Small <csmall@debian.org>)
> 
> Is the potato version going to be installed, or is there another fix?
> 
> > wdm               32485  wdm: Doesn't let people log on when using MD5 passwords [0]  (mmagallo@debian.org (Marcelo E. Magallon))
> 
> Looks like this needs a patch.
> 
> > wdm               32529  Typo in Xsession [0]  (mmagallo@debian.org (Marcelo E. Magallon))
> 
> Log's unclear again; is this really an xbase problem? Is it fixed?
> 
> > xbase             30852  X packages do not upgrade automatically due to name change. [41]  (Branden Robinson <branden@debian.org>)
> > xdm               29360  xdm: Stopped X without warning/asking [77]  (Branden Robinson <branden@debian.org>)
> > xlib6             31610  xlib6: requires gcc but declares no dependency (dpkg --print-gnu-build-architecture?) [20]  (Branden Robinson <branden@debian.org>)
> > xserver-common    29166  xserver-common: should depend or at least recommend properly ver'd xlib6g [81]  (Branden Robinson <branden@debian.org>)

There's supposed to be a new version of the X stuff; does it fix all of these?
(Someone want to summarize the changelog? :)


So, what's left? Looks like fairly simple fixes for apache, boot-floppies,
dpkg-dev, lyx, and smb2www.  There's a mess of dpkg and non-us probs that'll
just fester. jdk supposedly has someone working on it? perl-suid needs a good
solution, as does wdm (which I'm getting a copy of now.) And we need to
address the gettext problem. How much longer?

Mike Stone
Reply to: