[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#687617: marked as done (unblock: openarena/0.8.8-5+deb7u2)

Your message dated Fri, 7 Dec 2012 11:50:18 +0100
with message-id <20121207105018.GD5634@radis.cristau.org>
and subject line Re: Bug#687617: unblock: openarena/0.8.8-5+deb7u2
has caused the Debian Bug report #687617,
regarding unblock: openarena/0.8.8-5+deb7u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
687617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687617
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

The ioquake3 engine has an option to auto-download missing maps, mods etc.
(PK3 files) from multiplayer servers. It is off by default, but many users
and mod communities encourage switching it on, since it makes playing on
modified or updated multiplayer servers considerably more straightforward.
Switching it on is a security risk, because PK3 files can also contain
executable bytecode: it's executed in a sandbox, but that sandbox is
unlikely to be perfect.

In tremulous, an old fork of ioquake3 which hadn't had the benefit of some
more recent ioquake3 work on hardening the sandbox environment, I turned off
auto-downloading entirely.

When I suggested[1] doing the same to ioquake3, which would affect openarena
in main and quake3 in contrib), unanimous feedback from users and the Games
Team was that they would prefer an "are you sure?" prompt when auto-downloading
was enabled. This moves the change from ioquake3 to openarena, since it's
openarena that provides the user interface.

Would the Release Team be OK with unblocking an openarena package that
added such a prompt? The change would look something like [2],
which I just uploaded to experimental. I'm hoping others in the Games Team
can improve the wording/display before this reaches unstable or testing.

Quake III Arena doesn't have UI for the auto-downloading option. I'm going
to assume that anyone who enables it using console commands knows what
they're doing...

Regards,
    S

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686648
[2] http://anonscm.debian.org/gitweb/?p=pkg-games/openarena.git;a=commitdiff;h=eed3e6469368c38276d2d79abae89f81d881fb71

--- End Message ---
--- Begin Message --- 
On Fri, Dec  7, 2012 at 10:11:40 +0000, Simon McVittie wrote:

> retitle 687617 unblock: openarena/0.8.8-5+deb7u2
> thanks
> 
> On Sun, 02 Dec 2012 at 11:56:55 +0100, Julien Cristau wrote:
> > In that case no objection.  Let us know when this has spent a while in
> > sid.
> 
> I noticed a more significant bug (serious due to Policy §12.5, IMO) while
> testing the new version, so I fixed that too, and am following up to this
> unblock bug sooner than I'd intended.
> 
> Let me know if you want me to back out either of these changes to get the
> other one in sooner; the new changes are pretty simple.
> 
> (There's no explicit diff to make openarena-dbg not depend on
> openarena-server, because it previously picked it up via ${misc:Depends}.)
> 
> Source debdiff attached.
> 
Unblocked.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---
Reply to: