On Tue, Sep 13, 2005 at 11:45:52PM -0400, Joey Hess wrote: > Another pass over security holes that are fixed in unstable but not > testing. Not sure if these are still useful to send to -release. Yes, I think they are. > Testing team summary: well, of these asterisk, inkscape, some kde stuff, > lm-sensors, mysql-dfsg-4.1, and texmacs seem like the most likely > candidates for upload to secure-testing, although some of the holes may > not warrant a DTSA. FWIW, inkscape is in the libsigc++-2.0/libgc transition that's currently at the top of my hit list. > apache > m68k build needs requeued once deps are met > fftw3 > m68k FTBFS > netpbm > 8/10 days old > FTBFS on m68k (ICE) > rpm > FTBFS m68k (ICE) I'm forcing these in spite of the lack of m68k builds. Between ICEs and general sluggishness, m68k is not keeping up. I know the m68k porters are talking about putting new buildds on-line, but there are also a lot of KDE uploads coming that are going to bog it down further, and lots of m68k-specific toolchain problems that still need to be fixed. If we don't see improvement soon, I think the necessary next step is to ignore it for all packages (i.e., exclude it from the list of release candidates for the time being). > mysql-dfsg-4.1 > 26 days old > rc bug > FTBFS on m68k And no build log for the m68k failure to let people usefully debug it... The RC bug was apparently meant to be downgraded, and the maintainer missed. Downgrading now, and forcing in without m68k. > bzip > 8/10 days old > chmlib > 3/10 days old > courier > too young > gxine > too young > squid > too young > sqwebmail > too young Feel free to add urgent hints for any of these. > clamav (fixed in secure-testing) > 33 days old > blocked by gmp > kismet (fixed in secure-testing) > 23 days old > blocked by gmp This mainly means "blocked by kaffe", I think. > kdeedu > FTBFS on arm (ICE) > missing hppa and m68k builds Those will almost certainly be all the same ICE, actually. > lm-sensors > 23 days old > indirectly blocked by perl > net-snmp > too young > blocked by perl <grumble> > mozilla (partially fixed in secure-testing) > 41 days old, AKA, is this package being maintained? > rc bugs, FTBDS, etc I'll NMU this if no one else does, but it'll probably take me a day or two to get to it. > mozilla-firefox (partially fixed in secure-testing) > too young More that arm hasn't finished building it yet. > mozilla-thunderbird > 41 days old > FTBFS on alpha, arm, m68k ... with a patch in the BTS, if someone wants to NMU... > ntp > 177 days old > 3 RC bugs, max 98 days old, none with responses from maintainers > recommend removal from testing (and/or debian) Are these different security bugs than the ones already fixed via proposed-updates? > openmotif > 106 days old > non-free package, still missing s390 build > (I tried and failed to build this on raptor, machine is too > unstable.) This package really doesn't appear to have the necessary baseline support from porters and/or the maintainer to let us keep it around. There's a total of one package in testing still depending on openmotif; I think we should give the arb maintainer a shot at fixing it, and then drop it from testing if he doesn't get anywhere. > openssh > frozen, rc bug > security hole is minor (CAN-2005-2666) Pushed in. (The RC bug was reported against the version in stable, and should not be a blocker.) > php4 (fixed in secure-testing) > needs requeue on m68k once deps are satisfied Already in dep-wait. The version in unstable is stuck for a while, but the sarge security update is waiting in t-p-u for m68k to catch up. > python2.1 > alpha build succeeded 2 weeks ago but gone missing > mips, mipsel, powerpc builds ditto > blocked by gmp > python2.2 > FTBFS m68k (ICE) > FTBFS hppa > blocked by gmp No hope that we can get rid of these yet...? > xorg-x11 > too young > build needs retried on arm Currently listed as building on tofee. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. vorlon@debian.org http://www.debian.org/
Attachment:
signature.asc
Description: Digital signature