Re: Please consider unblocking boxbackup_0.11~rc3~r2502-4

To: debian-release@lists.debian.org
Subject: Re: Please consider unblocking boxbackup_0.11~rc3~r2502-4
From: Reinhard Tartler <siretart@debian.org>
Date: Mon, 08 Nov 2010 08:06:11 +0100
Message-id: <[🔎] 8762w847mk.fsf@faui44a.informatik.uni-erlangen.de>
References: <87y69ybimy.fsf@faui44a.informatik.uni-erlangen.de> <4CC1B57B.4080606@dogguy.org> <878w1q12q6.fsf@faui44a.informatik.uni-erlangen.de> <4CC1EE1D.5040308@dogguy.org>

On Fri, Oct 22, 2010 at 22:03:41 (CEST), Mehdi Dogguy wrote:

> On 10/22/2010 08:50 PM, Reinhard Tartler wrote:
>> 
>> I have to admit that I noticed too late that the rc3 version didn't 
>> make it to testing because of the missing build; I just assumed rc3 
>> was already in and don't really remember what exactly changed. 
>> However, I do remember (several) FTBFS fixes and rather conservative 
>> upstream changes. I do know that the current binary works, but in 
>> case we need to include some security update after release, I fear
>> we won't be able to offer updated packages.
>> 
>
> We are currently really not able to accept rc3 in Squeeze because rc3
> never migrated (since April *2009*). If you are not able to provide
> security support for it during Squeeze's lifetime, the single action we
> are able to perform is adding a removal hint for it.

I've spoken to upstream, and they are (of course) also rather unhappy
about it. Still, since boxackup did work in lenny and I don't want these
users to be left in the cold, I've uploaded a new package with a minimal
fix for #601506.

diff -u boxbackup-0.11~rc2/debian/changelog boxbackup-0.11~rc2/debian/changelog
--- boxbackup-0.11~rc2/debian/changelog
+++ boxbackup-0.11~rc2/debian/changelog
@@ -1,3 +1,11 @@
+boxbackup (0.11~rc2-7) testing; urgency=low
+
+  * bin/bbstored/bbstored-certs: reduce root CA expiration date to avoid
+    Y2k38 overflow. Thanks to Clint Adams <schizo@debian.org> for
+    reporting it. Closes: #601506
+
+ -- Reinhard Tartler <siretart@tauware.de>  Fri, 05 Nov 2010 17:09:17 +0100
+
 boxbackup (0.11~rc2-6) unstable; urgency=low
 
   * Fix shell scripting in the debconf interaction code of the package's
only in patch2:
unchanged:
--- boxbackup-0.11~rc2.orig/bin/bbstored/bbstored-certs.in
+++ boxbackup-0.11~rc2/bin/bbstored/bbstored-certs.in
@@ -2,10 +2,10 @@
 use strict;
 
 # validity period for root certificates -- default is a very long time
-my $root_sign_period = '10000';
+my $root_sign_period = '5000';
 
 # but less so for client certificates
-my $sign_period = '5000';
+my $sign_period = '3000';
 
 # check and get command line parameters
 if($#ARGV < 1)

Please approve for squeeze.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Reply to:

Follow-Ups:
- Re: Please consider unblocking boxbackup_0.11~rc3~r2502-4
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Please consider unblocking boxbackup_0.11~rc3~r2502-4
  - From: Christian PERRIER <bubulle@debian.org>

Prev by Date: Re: please unblock package iceweasel-l10n for squeeze
Next by Date: Re: libgd2-noxpm propagation to Debian testing
Previous by thread: Re: Bug#602778: one project packages twice (u-boot and uboot-mkimage)
Next by thread: Re: Please consider unblocking boxbackup_0.11~rc3~r2502-4
Index(es):
- Date
- Thread