w3af (Re: pysvn: RC fix #678559 as new upstream release)
Hi,
> > Have you tested the reverse dependencies with the new
> > version (seems to be svn-workbench, svn-load, , ibid,
There's no reply from w3af maintainer so I've investigated it and
there is not a problem with updating pysvn. w3af uses pysvn for update
only, and its feature shouldn't work in Debian.
w3af needs pysvn to use auto-update feature, and it is not suitable for
Debian package binary. Debian w3af packages are installed into system
wide, not user's directory. So, if unprivilledged user would execute
update, w3af files would not be overwritten.
However, I've found this package needs to be patched, and also it's not
up-to-date upstream stable version (1.1) in testing/unstable (=1.0-rc3svn3489-1)
(even experimental=1.0.0-1). Outdated program is not good for users (and
also maintainer/security team), but there are 250 w3af users (by popcon),
just removing package is not good for them.
-----------------------------------------------------------------------------------------------
choices for w3af)
-----------------------------------------------------------------------------------------------
1. Not touch w3af
- easiest way
- needs simple patch to work with python2.6, at least
(Debian doesn't have python2.5 anymore, and its source says it
supports 2.6, not 2.7)
- outdated version (2 years ago), maybe not useful for users
2. Just remove w3af from testing
- easy
- no reverse dependency
- users cannot use w3af since Wheezy
3. update w3af
- violate basic freeze rule
(however, upstream 1.1 was released before freeze, 2011-11-10)
- need some work to update (I'll try)
- need some check if it works
Any comments?
--
Hideki Yamane <henrich@debian.or.jp>
Reply to: