[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: util-linux for sarge

On Sun, Apr 03, 2005 at 08:50:07PM -0400, Theodore Ts'o wrote:
> On Sun, Apr 03, 2005 at 12:18:14AM -0800, Steve Langasek wrote:
> > 
> > Ok.  In the meantime, I think not being able to create new filesystems is a
> > grave bug that makes this version of the package unreleasable given that it
> > would completely break the installer on ia64 if it reached sarge.  Tagged
> > 'sid' so that it doesn't attract unnecessary attention.
> > 

> E2fsprogs has been frozen for months as it is part of base, so the "if
> it reached sarge" is rather moot.....

Well, except for the other recent discussion about how to get util-linux
updated for sarge, which makes it very relevant to know what RC bugs are in
the unstable version of the package it depends on. :)

The aim of the base freeze has been to avoid base system churn that would
interfere with development of the installer.  "Frozen" here doesn't mean "no
updates", it just means "the release team needs to know what's changing in
the base system and why, and be satisfied that things won't break".

On Sun, Mar 27, 2005 at 04:30:59PM -0500, Theodore Ts'o wrote:
> > There is a security vulnerability caused by mount using the older
> > version of libblkid1, which didn't verify that euid=uid before blindly
> > using an environment variable for a file name...

> There are also a bunch of core-dumping-or-at-that-level-of-severity
> bugs that have been fixed since the prehistoric era (when base was
> frozen -- OK, I'm only exagerating a little) in e2fsprogs 1.37.  On my
> todo list is to backport only the bugfixes, and submit them for t-p-u,
> but I haven't had the time to do that in the past couple of weeks.

Ok, I'll look forward to that.

> There is always going to be this issue, however, of an increasing
> number of bugs found in various frozen packages the longer we delay
> the release.  So having missed the original message which kicked off
> this thread, why do we need to go to a newer version of util-linux, as
> opposed to simply forward-porting the fixes?  I've resigned myself to
> being forced to do this with e2fsprogs --- why can't util-linux do the
> same thing?  

It has up to this point been less of a burden on the release team to take
frozen packages from unstable where possible than to have the updates go
through t-p-u.  If there are reasons why this is not possible (such as
302200), then of course t-p-u is appropriate.

Steve Langasek
postmodern programmer

Attachment: signature.asc
Description: Digital signature

Reply to: