Re: [Fwd: Re: Care to sponsor grass?]
On Sat, 2005-02-12 at 23:56 -0800, Steve Langasek wrote:
> On Sat, Feb 12, 2005 at 11:29:38PM -0500, Steve Halasz wrote:
> > My sponsor suggested I write to you and request that you consider the
> > grass package in the NEW queue for Sarge. It fixes an RC security bug
> > and a number of other problems.
>
> This bug is no longer RC because grass is no longer in testing (removed for
> precisely this bug). If you want grass to be considerd for sarge, I would
> recommend that you upload a version of the package that fixes the security
> bug without introducing changes that require NEW processing by ftpmasters.
>
I don't know if it's bad form to plead with the release team, but I'm
going to try anyway. The former maintainers of this package did not have
the time or maybe the interest to keep it up to date. I have spent a lot
of effort getting the latest release packaged and now the 5.0.3 version
that was in testing is old and busted and no longer maintained upstream.
I tried to get upstream to patch the tempfile security bug in 5.0.3, but
they had no interest. I can try to backport the fixes, but it will take
considerable time and effort. Also 5.0.3 had to be statically linked,
only builds on i386, and has a >30MB .deb. The 5.7.0+6.0.0beta2 package
is by far the most expedient cure for what ails grass in Debian. It will
be a much more current, usable, and maintainable offering for Sarge.
Thanks for your time,
Steve
Reply to: