
Re: removing xdelta?



severity 147187 important
thanks

On Mon, Mar 27, 2006 at 01:02:03AM -0500, Nathanael Nerode wrote:
> Currently the packages depending on xdelta (which has a long-standing grave bug
> which nobody has managed to track down, #147187) are
>   gibraltar-bootsupport (not in testing)
>   ttf-arphic-uming (just a Suggests)
>   ttf-arphic-ukai (just a Suggests)

> How about removing xdelta from testing?

> And what do you think should be done about it in unstable?  Forcible orphaning? 
> Removal from unstable (requesting that gibraltar-bootsupport find an alternative)?
> What?  (note that xdelta2 is already gone).

I am unconvinced that this bug in xdelta qualifies as release-critical.  It
certainly isn't grave ("makes the package unusable"); the package can
definitely be used to apply xdelta patches made on machines of the same word
size, and to generate patches for use on machines of the same word size. 
There is no architecture which is shipping broken binaries (ttbomk), it's
just that 32-bit xdelta files can't be used on 64-bit archs.

We might consider it a serious bug that the xdelta files are not
platform-neutral, but removing xdelta from Debian for this reason doesn't
benefit users who have need of tools to manipulate existing xdelta files.
It would also be nice if xdelta could recognize 32-bit xdelta files and
error out with a clear message about this, but a cleaner error message isn't
an RC issue -- and it wouldn't help for existing files which would have no
tag to indicate their word size.

The real fix is to not depend on the contents of the file to determine the
size of a static memory allocation; but there may be some security
implications to be considered here before making that change.

So in the meantime, I think downgrading this bug is best.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
