Re: Please consider unblocking boxbackup_0.11~rc3~r2502-4
On Fri, Oct 22, 2010 at 22:03:41 (CEST), Mehdi Dogguy wrote:
> On 10/22/2010 08:50 PM, Reinhard Tartler wrote:
>>
>> I have to admit that I noticed too late that the rc3 version didn't
>> make it to testing because of the missing build; I just assumed rc3
>> was already in and don't really remember what exactly changed.
>> However, I do remember (several) FTBFS fixes and rather conservative
>> upstream changes. I do know that the current binary works, but in
>> case we need to include some security update after release, I fear
>> we won't be able to offer updated packages.
>>
>
> We are currently really not able to accept rc3 in Squeeze because rc3
> never migrated (since April *2009*). If you are not able to provide
> security support for it during Squeeze's lifetime, the single action we
> are able to perform is adding a removal hint for it.
I've spoken to upstream, and they are (of course) also rather unhappy
about it. Still, since boxackup did work in lenny and I don't want these
users to be left in the cold, I've uploaded a new package with a minimal
fix for #601506.
diff -u boxbackup-0.11~rc2/debian/changelog boxbackup-0.11~rc2/debian/changelog
--- boxbackup-0.11~rc2/debian/changelog
+++ boxbackup-0.11~rc2/debian/changelog
@@ -1,3 +1,11 @@
+boxbackup (0.11~rc2-7) testing; urgency=low
+
+ * bin/bbstored/bbstored-certs: reduce root CA expiration date to avoid
+ Y2k38 overflow. Thanks to Clint Adams <schizo@debian.org> for
+ reporting it. Closes: #601506
+
+ -- Reinhard Tartler <siretart@tauware.de> Fri, 05 Nov 2010 17:09:17 +0100
+
boxbackup (0.11~rc2-6) unstable; urgency=low
* Fix shell scripting in the debconf interaction code of the package's
only in patch2:
unchanged:
--- boxbackup-0.11~rc2.orig/bin/bbstored/bbstored-certs.in
+++ boxbackup-0.11~rc2/bin/bbstored/bbstored-certs.in
@@ -2,10 +2,10 @@
use strict;
# validity period for root certificates -- default is a very long time
-my $root_sign_period = '10000';
+my $root_sign_period = '5000';
# but less so for client certificates
-my $sign_period = '5000';
+my $sign_period = '3000';
# check and get command line parameters
if($#ARGV < 1)
Please approve for squeeze.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Reply to: