Bug#678624: pu: package xz-utils/5.0.0-3
Adam D. Barratt wrote:
> [it's generally considered polite to note when you're adding CCs...]
Sorry about that. Will do so next time.
[...]
> Please go ahead with the upload.
Now that I look back over it, I would like to drop some changes ---
the upload was originally intended for stable, and parts of the upload
are less important for oldstable:
- static library breakage fix (#673001)
- liblzma-dev/doc/examples/ fix
- Czech translation typofix (#605762)
- Italian translation typofix
Fixes to the following would still be included in the update:
- invalid output for invalid checksum type
- invalid output from python-lzma compressing a zero-length file
- incorrect handling of such invalid streams by unxz
- wrong buffer refill handling leading to spurious LZMA_BUF_ERROR
("Compressed data is corrupt" or "Unexpected end of input")
- NULL pointer dereference on malloc failure
- buffer overflow from "-v -v --list" with malformed input
- xzegrep and xzfgrep = xzgrep
- loss of exit status from xzdiff foo.xz bar.xz (#635501)
- bad SIGPIPE handling in xzgrep
Would that be ok?
[...]
> Updates to oldstable and larger updates both tend to suffer due to
> taking longer to deal with (in the latter case) and generally being less
> urgent (in the former, due to the gap between point releases). I'm not
> sure that throwing more people at the problem will necessarily solve
> either of those in a useful way in the long term.
Sure, I agree that taking on new helpers takes time and blindly
throwing people at a problem is rarely helpful. And probably, getting
the stable update process to scale better would involve changing the
process a little (e.g., clearer guidelines for how long a response
should take so following up is easier; uploading changes that have not
been fully vetted to an archive area where people can help by testing;
etc). But the current process is only barely working, no?
The number of packages in Debian is still growing, so I'm worried.
Thanks,
Jonathan
Reply to: