nbd freeze exception?

To: debian-release@lists.debian.org
Subject: nbd freeze exception?
From: Wouter Verhelst <wouter@fosdem.org>
Date: Wed, 6 Mar 2013 13:58:24 +0100
Message-id: <[🔎] 20130306125824.GF31421@grep.be>

Hi folks,

I'd like to do an upload of a new upstream release of nbd.

I realize that we're pretty deep in the freeze and that now pobably
isn't a very good time to do that anymore. I'd still like that a freeze
exception.

Here's my rationale:

Since the release of NBD 3.2 in July last year, 46 patches have
accumulated. Many of these (though certainly not all) fix fairly
important bugs. Some are crashing bugs, and most are cornercase things
that started showing up when people started to write verification tools,
and noticed that nbd-server didn't handle itself as it should when
provided strange input.

I should note that none of these bugs, if reported in Debian, would
warrant a release-critical severity, although one comes close[1].
However, several would warrant severity "important" instead, and it's
the sheer number of these important bugs which cause me to ask for this
exception.

Some of the bugs in question have, in fact, been reported through
Debian. If allowed, this upload would fix bugs 698870, 699371, 699373,
and 699374. I have also applied the patch in 685610, and would work on
fixes for two more severity:important bugs, 682188 and 690616.

Note that this list only mentions bugs reported through Debian; it does
not mention the bugs reported upstream, which are fairly numerous.

Given the current state of affairs, I would prefer that nbd 3.2 is not
released with wheezy, and that I be allowed to upload an nbd 3.3 (which
I still need to release upstream, first; this will happen soon).

What are my chances of that being allowed in?

[1] if the "allowlist" option is enabled, there is a remote DoS hole.
    The only reason this isn't RC, is because it's not enabled by
    default, and pretty much the only functionality it provides is that
    which triggers the remote DoS (it works perfectly the first time,
    but then the server predictably starts misbehaving, and my test
    suite didn't catch that).

-- 
Copyshops should do vouchers. So that next time some bureaucracy requires you
to mail a form in triplicate, you can mail it just once, add a voucher, and
save on postage.

Reply to:

Follow-Ups:
- Re: nbd freeze exception?
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#702195: symlink conffiles are not supported, causing problems for dpkg on upgrade/removal and incorrect debsums reports
Next by Date: Bug#692212: marked as done (unblock (pre-approval): pike7.8/7.8.700-2)
Previous by thread: Bug#702412: pre-approval unblock: postfix
Next by thread: Re: nbd freeze exception?
Index(es):
- Date
- Thread