On 19.01.2013 12:35, Julien Cristau wrote: > On Wed, Jan 9, 2013 at 14:51:55 +0100, Michael Biebl wrote: >> In case you are wondering, why the gvfs Breaks was kept: We noticed in >> our upgrade tests, that only packages with an (indirect) dependency on >> libgdk-pixbuf2.0-0 were causing problems. So only those were dropped. >> > Does keeping the breaks on just gvfs+gdm3 also cause upgrade issues? If > yes, I'd like this to wait until SRM gets a chance to look at the gdm3 > pu. When I keep gdm3, the upgrade still fails. As mentioned, I needed to drop all Breaks which had an indirect or direct dependency on libgdk-pixbuf2.0-0, which gdm3 has. I've been talking to Joss regarding gdm3/stable, and I wasn't able to actually find a dialog or anything where I could trigger an URI open request. Joss couldn't remember anymore, how he was able to exploit that and if gdm3/stable is actually vulnerable to such an attack. So we concluded that the stable upload is more of a precautionary measure. We shouldn't block the glib2.0 unblock for this. Having a working upgrade path is more important. Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
Attachment:
signature.asc
Description: OpenPGP digital signature