Bug#807855: jessie-pu: package shotwell/0.20.1-1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + moreinfo

On Sun, 2015-12-13 at 20:59 +0100, Jörg Frings-Fürst wrote:
> Correct CVE TEMP-0807110-881366

+  * CVE TEMP-0807110-881366 (Closes: #807110):

Don't do that. For one thing, "CVE TEMP-*" makes no sense - it's *not* a
CVE identifier.

TEMP-* identifiers are not meaningful outside of (or even guaranteed
stable within) the Security Tracker and will cease to exist once a CVE
has been assigned. The Security Team have explicitly asked for them not
to be used in changelogs - see
https://lists.debian.org/20150514030904.GA30219@eldamar.local for
example.

+      + 0500-Port-to-webkit2gtk-40.patch
[...]
+    - Port to webkit2gtk-4.0:
+      + debian/control Replace Build-Depeds libwebkitgtk-3.0-dev
+        with libwebkit2gtk-4.0-dev.

That's not really the sort of thing we'd expect to see in a stable
update, particularly when it results in:

 7 files changed, 1152 insertions(+), 1 deletion(-)

Is there really no way of fixing this using the existing webkit version?

Regards,

Adam