Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1

To: Moritz Mühlenhoff <jmm@inutil.org>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 610292@bugs.debian.org
Subject: Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
From: Guido Günther <agx@sigxcpu.org>
Date: Sun, 30 Jan 2011 16:12:21 +0100
Message-id: <[🔎] 20110130151221.GA3731@bogon.sigxcpu.org>
Reply-to: Guido Günther <agx@sigxcpu.org>, 610292@bugs.debian.org
In-reply-to: <[🔎] 20110130133017.GC2422@pisco.westfalen.local>
References: <[🔎] 20110117082838.GA29439@bogon.sigxcpu.org> <[🔎] 1295901818.2202.475.camel@hathi.jungle.funky-badger.org> <[🔎] 20110125081559.GC30788@bogon.sigxcpu.org> <[🔎] 1296323323.3206.2796.camel@hathi.jungle.funky-badger.org> <[🔎] 20110129185238.GA24998@bogon.sigxcpu.org> <[🔎] 20110130133017.GC2422@pisco.westfalen.local>

On Sun, Jan 30, 2011 at 02:30:17PM +0100, Moritz Mühlenhoff wrote:
> On Sat, Jan 29, 2011 at 07:52:38PM +0100, Guido Günther wrote:
> > On Sat, Jan 29, 2011 at 05:48:43PM +0000, Adam D. Barratt wrote:
> > > On Tue, 2011-01-25 at 09:16 +0100, Guido Günther wrote:
> > > > On Mon, Jan 24, 2011 at 08:43:38PM +0000, Adam D. Barratt wrote:
> > > > > The main problem I'm having with looking at this is the size of the diff
> > > > > that gets introduced as a result.  Even after ignoring the test suite,
> > > > > the embedded copy of sqlite3 and the autoconf patches, I'm still left
> > > > > with
> > > > > 
> > > > >  2061 files changed, 65055 insertions(+), 96419 deletions(-)
> > > > > 
> > > > > which isn't particularly fun. :-/
> > > > Yes, I agree - updating from 3.0.0 to 3.0.11 sucks but it will allow us
> > > > to track icedove's security releases from now on with minimal impact.
> > > [...]
> > > > I fully understand that making these changes that late in the release is
> > > > a bad thing but shipping unpatched xulrunner that reads external
> > > > calendar data isn't great either. If the changes are too big we should
> > > > reconsider pulling iceowl from squeeze. We could then come back with a
> > > > better synched package for wheezy.
> > > 
> > > So, I really should stop procrastinating on this. :-/
> > > 
> > > Would I be correct in assuming that even with the new upstream tarball
> > > the package would still not get official support from the security team
> > > and any required security updates would have to go via proposed-updates?
> > I'm cc'ing Moritz for his opinion on this. With the new version based on
> > the icedove tarball it would be simple enough to handle the xulrunner
> > flaws via that path.
> 
> If iceowl uses the same Mozilla code base branch as the iceweasel source
> package (which provides the xulrunner libs in Squeeze) and the iceowl
> maintainers provide packages, we can fix in security updates. Iceweasel
> updates are an order of a magnitude more critical, though.

We use the icedove tarball[1] not the iceweasel one but the effect is
the basically the same. We can reuse the security work done for icedove.
Cheers,
 -- Guido

[1] since both are based on comm-central

Reply to:

References:
- Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
  - From: Guido Günther <agx@sigxcpu.org>
- Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
  - From: Guido Günther <agx@sigxcpu.org>
- Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
  - From: Guido Günther <agx@sigxcpu.org>
- Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Bug#611536: unblock: maradns/1.4.03-1.1
Next by Date: Bug#611536: marked as done (unblock: maradns/1.4.03-1.1)
Previous by thread: Bug#610292: unblock: iceowl/1.0~b1+dfsg2-1
Next by thread: Bug#610292: marked as done (unblock: iceowl/1.0~b1+dfsg2-1)
Index(es):
- Date
- Thread