Release Team, I would like to request pre-approval to upload cyrus-sasl2 (2.1.23.dfsg1-6) to sid, with the goal of having it migrate to squeeze. Please note that a very important point about this request is that the -6 package would have to pass through NEW. (Please see the attached diffstat and compressed diff for the gory details, as what follows is a narrative description of the situation.) This is the associated changelog entry: cyrus-sasl2 (2.1.23.dfsg1-6) unstable; urgency=low * Merge cyrus-sasl2 and cyrus-sasl2-heimdal source packages (Closes: #568358) + Build against new heimdal-multidev (Closes: #591147) * Properly detect presence of Heimdal (Closes: #590912); thanks tremendously to Russ Allbery for the patch Of the bug closures, #568358 is severity normal (but has significant positive security implications for the life of Squeeze), and then #591147 is severity grave and #590912 is severity serious. Additionally, #582040 (also severity grave) was closed in an NMU, but its propogation is being held up by the other two RC bugs. I will focus my comments on #568358 as the others are self explanatory. Several years ago, it was requested that version of the SASL GSSAPI modules compiled against the Heimdal Kerberos library be provided. At the time, the only modules available were compiled against MIT Kerberos. Users desiring Heimdal versions had to rebuild the package themselves. Part of the reason for that was that it was not possible to simultaneously install the Hiemdal and MIT Kerberos -dev packages, preventing the building of both sets of modules from a single source package. The solution at the time was to add a second source package (cyrus-sasl2-heimdal). This was less than optimal, but the only available option. This has resulted in some major annoyances: - Any upload of cyrus-sasl2 or cyrus-sasl2-heimdal must be accompanied by a source-ful upload of the other package, carrying the same source version (this impacts both NMUs and security uploads) - The debian/ directories must be manually kept in sync Today, thanks to the avilability of the heimdal-multidev and krb5-multidev packages, it is possible to have the MIT and Heimdal Kerberos -dev libraries concurrently installed. This makes it possible to build against both from within one source package. Merging the two source packages into one would eliminate both of these issues. Having both of these issues persist through the life of Squeeze would, IMHO, be a Bad Thing(TM). Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
cyrus-sasl2_consolidation.diff.gz
Description: Binary data
README.Debian-NMU | 11 -- changelog | 9 + control | 29 +++++ cyrus-sasl2-heimdal-dbg.postrm | 10 + cyrus-sasl2-heimdal-dbg.preinst | 10 + libsasl2-modules-gssapi-heimdal.dirs | 2 libsasl2-modules-gssapi-heimdal.install | 1 libsasl2-modules-gssapi-heimdal.lintian-overrides | 2 patches/0024_allow_detection_of_heimdal.dpatch | 22 ++++ patches/00list | 1 rules | 114 ++++++++++++++++------ sample/Makefile | 7 - 12 files changed, 172 insertions(+), 46 deletions(-)
Attachment:
signature.asc
Description: Digital signature