Would it be possible to provide tiger 3.2.2-6 in lenny?

To: Debian Release Mailing List <debian-release@lists.debian.org>
Subject: Would it be possible to provide tiger 3.2.2-6 in lenny?
From: Javier Fernández-Sanguino Peña <jfs@computer.org>
Date: Tue, 9 Sep 2008 12:01:27 +0200
Message-id: <[🔎] 20080909100127.GA14240@javifsp.no-ip.org>
Mail-followup-to: Debian Release Mailing List <debian-release@lists.debian.org>

(CC: me on replies, I'm not in the list)

Hi there,

Yesterday I uploaded a new version of package for the Tiger security tool
(3.2.2-6) which introduces fixes to bugs in Debian's (and upstream's) BTS
that I believe might be proper to include in lenny for the benefit of Tiger
users:

- Uses UCF to handle configuration file changes.  This was reported as a
  'normal' severity bug (see #341595) but is actually 'serious' bug since the
  Tiger postinst was modifying a conffile (policy violation) and dpkg was
  always prompting users for configuration file changes on upgrades.

- Updates filesystems recognised by Tiger, issues related to this problem
  have been considered 'Critical' in upstream's BTS [1] but only 'normal'
  in bugs submitted by Debian users [2]. 

  When this bug strikes a user his mail is spammed with warning messages
  through email every time one of the scripts that analyses the filesystem
  was run. This happened (in the default package) configuration:
     - every 8 hours (check_known script)
     - every day at 5 am (check_perms script)
     - once a month (find_files)

  I think that Debian users did not properly setup the severity of these
  bugs. For example, any user running an encrypted filesystem would be
  affected.. I have adjusted the severity of some of these bugs, based on the
  number of users that could be affected (some of the bug reported are
  related to exotical filesystems and not that common)

- Instead of using /var/run/tiger/work for workfiles, it uses /var/lib/tiger/work.
  This is FHS-compliant and it also fixes a bug reported as 'Critical'
  upstream [3] and as 'normal' in Debian [4]

This package revision has also some cosmetic changes in order to reduce the
sice of the diff.gz we distribute (we were shipping automatically-generated
content), fixes to 'normal' severity bugs (Closes: #445531, #349391) and some
other minor cleanups.

I would like this version to be migrated to testing, if the release team
approves it. Could that be possible?

If not, should I do then a lenny-targeted upload fixing only some of the
bugs? (In this case I guess I would upload fixes only for #341595, #486591,
#483727 and #490822)

Thanks

Javier


[1] https://savannah.nongnu.org/bugs/index.php?23503
https://savannah.nongnu.org/bugs/index.php?23043
https://savannah.nongnu.org/bugs/index.php?14299
https://savannah.nongnu.org/bugs/index.php?14028

[2] The following Debian bugs were related to this issue #498203, #483727,
#469685, #490344, #490822, #451879

[3] https://savannah.nongnu.org/bugs/index.php?17513
[4] http://bugs.debian.org/486591

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Would it be possible to provide tiger 3.2.2-6 in lenny?
  - From: Marc 'HE' Brockschmidt <he@ftwca.de>

Prev by Date: Xorp 1.5 uploaded to unstable (was Re: Would it be possible to provide Xorp 1.5 in lenny?)
Next by Date: Re: approval for planned upload of ipplan 4.86a-6
Previous by thread: Re: Xorp 1.5 uploaded to unstable (was Re: Would it be possible to provide Xorp 1.5 in lenny?)
Next by thread: Re: Would it be possible to provide tiger 3.2.2-6 in lenny?
Index(es):
- Date
- Thread