Bug#773319: pre-approval: unblock: sudo/1.8.10p3-1.1; possibly sudo/1.8.11p2-1.1?

[Ivo De Decker <ivodd@debian.org>]

Control: tags -1 moreinfo

Hi,

On Tue, Dec 16, 2014 at 10:02:55PM +0100, Christian Kastner wrote:

(rearranging the original mail a bit)

> <controversial>
> Furthermore, I was wondering though whether you'd consider allowing
> sudo/1.8.11p2 from unstable to migrate.
> 
> The diff between testing and unstable is huge (MBs), so this would be
> very difficult to review and of course totally against freeze policy.
> However, I am under the impression that
> 
>   (a) it would be highly preferrable to support 1.8.11p2 in Jessie,
>       especially from a security POV
> 
>   (b) According to [2,3,4], most of the changes are bugfixes. In fact,
>       I only count 7 non-fix changes and non-translation changes,
>       and most of the fix changes appear to be highly desirable.
> 
> Furthermore, the largest part of this code base, [3], has unstable since
> 2014-10-10, and its migration to testing was only interrupted by the
> upload of revision -2 of [3] on 2014-10-20, so apparently juuust not
> enough for the full 10-day period. This upload merely added two patches.
> 
> Then again, on 2014-10-30, [4] was uploaded. This new upstream release
> contained only a single (apparently urgent) bugfix. However, this upload
> reset the 10-day clock again, so 1.8.11p* did not enter testing again.
> 
> So there really isn't anything that new to Debian in the version in
> unstable. Looking back, the easiest solution would probably have been to
> ask for an unblock of [4] (the one-change fix) just after its upload on
> 2014-10-30, but that's water under the bridge now.
> </controversial>

It baffles me that the maintainer showed such a blatant disregard for the
freeze policy. 1.8.11p1 could have migrated easily in October if the
maintainer paid even the slightest bit of attention.

> If allowing 1.8.11p2 to migrate is something you'd consider discussing,
> please let me know how I can help in your deliberations. 

Obviously it isn't going to be unblocked now.


> <simple>
> Based on a patch provided by upstream, I created a debdiff (attached)
> for 1.8.10p3 in testing with the following changelog entry:
> 
>      * Backport upstream's fix for host specifications using a FQDN.
>        These were no longer working since 1.8.8. Closes: #731583
> 
> Considering that the severity of #731583 is serious, I assume an upload
> to t-p-u should be OK?
> </simple>

I'm reluctant to allow this, as this essentially means dumping this new
version into jessie untested. I would prefer if it was just uploaded to
unstable (reverting the new upstream version there), to allow it to be tested
there, and migrate to jessie that way. If there is a good reason why this
isn't possible (if it introduces other issues in unstable by doing this),
please explain why and I'll consider allowing a t-p-u upload.

Please remove the moreinfo tag when you add info to this bug.

> If this change
> is simply too big, please let me know if you are OK with the t-p-u
> upload of the attached debdiff for 1.8.10p3, and I will then contact the
> maintainer / look for NMU sponsorship.

Cheers,

Ivo