On Wed, 13 Oct 2010 12:35:30 +0200, Peter Rabbitson wrote: > Package: libclass-accessor-grouped-perl > Version: 0.09003-1 > Severity: important > Tags: patch > > > A bit over a year ago optional support for Class::XSAccessor was introduced > to generate lightning-fast 'simple'-group accessors. However it recently a > number of oversights became apparent, all of which were fixed in the latest > version on CPAN 0.09008. The identified and fixed problems are: > > * Any accessors of type 'simple' (arguably the most used ones) that are > declared as read-only or write-only, will silently turn into read-writer ones > when Class::XSAccessor is present in @INC > > * If Class::XSAccessor is present in @INC set_simple/get_simple methods will > no longer be invoked, even if the underlying program defines custom versions > of these methods > > Note that it doesn't matter wether Class::XSAccessor was installed via dpkg > or if it has been locally cpan'ed - all it takes is for the perl interpreter > to find it somehow. > > Please consider upgrading the squeeze version, as the current one (0.09003-1) > is too vulnerable to spooky action at a distance. Dear release team, I'd like to ask for your advice on how to handle this issue. Some facts: * Peter Rabbitson is the upstream author and knows best the problem and fixes :) He has contacted us via IRC and is happy to help in any way in solving the problem. - Please CC him on replies. * testing has 0.09003-1, unstable unfortunately already has 0.09006-1, and 0.09008 is the new upstream release which contains the fixes. * The diff between 0.09003 and 0.09008 is not exactly minimal: http://search.cpan.org/diff?from=Class-Accessor-Grouped-0.09003&to=Class-Accessor-Grouped-0.09008 (although the only relevant changes are in lib/Class/Accessor/Grouped.pm, the rest is build system (inc/Module/), docs, tests, ...) The options I see now are: - Upload 0.09008 to unstable and unblock it; but I guess that doesn't conform to the current freeze policy due to the size of the diff. - Create a patch against 0.09003 that contains only the necessary changes (lib/Class/Accessor/Grouped.pm and the test cases?), and upload to t-p-u. - (Create a patch against 0.09006 and upload via unstable.) Peter has offered to backport the changes and create an as-minimal-as-possible patch against 0.09003 (or 0.09006), with or without test cases, but we'd like to clarify the way to proceed before wasting time :) Thanks in advance, gregor -- .''`. http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4 : :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/ `. `' Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe `- NP: Phil Collins: Inside Out
Attachment:
signature.asc
Description: Digital signature