
Bug#768068: wheezy-pu: package boinc/7.0.27+dfsg-5+deb7u1



Control: tags -1 moreinfo

On Thu, Mar 12, 2015 at 17:16:17 +0000, Gianfranco Costamagna wrote:

> Hi Adam,
> 
> first, thanks for the review
> 
> >
> >With apologies for not getting a proper response to this sooner, some
> >queries...
> 
> 
> no problem :)
> >+  * Tried to fix CVE-2013-2298 and CVE-2013-2018.
> >I'm not hugely keen on "tried to fix". :-( Are they fixed or not?
> 
> 
> I tried to fix them (meaning I backported the patches and rebased on top of the version)
> 
> however we removed the build of the server packages, so the CVE is fixed, because we don't ship the code anymore.
> 
> if you ask me why we keep the patches, I answer "because users might download the source and build manually their server"
> 
I don't think that's reason enough to be touching the package in
(old)stable.  The initial message was also saying some of this is used
on the client side, which is it?

> 
> >+  * link_with_gold.patch: patched configure.ac to add -lX11 for linking client
> >+    with ld.gold.
> 
> >Hmmm, gold isn't the default linker in wheezy afair? I guess this isn't
> >crazy based on the Build-Depends change.
> 
> 
> don't know, I didn't change this :) if it is a problem I can put Guo in the loop (if he doesn't already monitor the bug)

It's an unnecessary change.  We don't like unnecessary changes in
(old)stable.

> +Subject: [PATCH] - client: don't show cache size in startup messages.
> 
> 
> yes, but again it is dead code :)
> >May well be taken from upstream, but appears to have nothing to do with
> >the content of the patch.
> 
> >+workaround-objcxx.patch
> 
> >What's the intent of this patch? It doesn't appear to be mentioned in
> >the changelog and only appears to touch code that's never going to be
> >used on Debian to begin with.
> 
> 
> seems a useless patch to me :)
> 
> >+wrapper.patch
> 
> >This also isn't mentioned in the changelog.
> 
> 
> safe patch, just adding some headers to avoid build failures with certain gcc versions...
> 
> should I make another upload?
> 
> really the debdiff can be so much reduced, I brought up a wheezy branch and added the fixes on top of it...
> 
Again, we want to keep changes in (old)stable to a minimum.  So we would
prefer a minimal diff that doesn't try to fix issues that don't affect
the package in wheezy.

Cheers,
Julien

