
Re: couchdb stable



On Fri, 2010-05-14 at 17:47 -0400, Sam Bisbee wrote:
> There's been a history of problems when upgrading between CouchDB versions that
> we released a patch for in 0.10.1-2: I patched the init file to wait for
> CouchDB to "really and truly" stop before continuing (@ rev1231). Without this,
> the removal process would continue without CouchDB really being stopped,
> causing problems.  This is the same sort of idea that yaws, another erlang
> package, uses to deal with the same issue.
[...]
> Here's the revision with the 0.8.0-2+lenny1 back port:
> http://svn.debian.org/viewsvn/pkg-erlang?view=rev&revision=1231

The patch itself looks fine and under the circumstances the addition of
the procps dependency isn't unjustified (new dependencies generally set
off SRM alarms :-)

The new awk dependency should not be included, however.  There are two
reasons - firstly, awk is pseudo-essential, as base-files pre-depends on
it; secondly, and were the first reason not applicable, adding a
dependency on awk to a stable update purely for "| awk '{print $2}'"
would be inappropriate ("cut" from coreutils would suffice, for
example).

> I would like to get this done soon so that we can release 0.11.0-1 to stable,
> as it contains a security fix for CVE-2010-00009, and stable needs to be
> freshened up badly.

stable doesn't get "freshened up" in terms of new upstream releases
(with a couple of notable exceptions which prove the rule).

A fix for CVE-2010-0009 in stable may well be appropriate, but updating
to 0.11.0-1 is not.  After ignoring changes to autotools / libtool and
updates to the presumably-bundled Javascript libraries, the diffstat
between the two versions is

307 files changed, 40896 insertions(+), 8269 deletions(-)

which is far too large for a stable update.

Regards,

Adam

