Bug#836571: jessie-pu: package rabbitvcs/0.16-1

To: Christopher Hoskin <christopher.hoskin@gmail.com>, 836571@bugs.debian.org
Subject: Bug#836571: jessie-pu: package rabbitvcs/0.16-1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sun, 04 Sep 2016 18:27:48 +0100
Message-id: <[🔎] 1473010068.2384.24.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 836571@bugs.debian.org
In-reply-to: <[🔎] 147297072313.12724.14243344567953525899.reportbug@TX100-S3P.lan>
References: <[🔎] 147297072313.12724.14243344567953525899.reportbug@TX100-S3P.lan>

Control: tags -1 +confirmed -patch +jessie
Control: severity -1 normal

On Sun, 2016-09-04 at 07:32 +0100, Christopher Hoskin wrote:
> Package: release.debian.org
> Severity: critical

*No*. The bug you're fixing may be critical, the request to fix it in
stable is at most normal.

> Tags: patch
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> The attached patch fixes bug #817231 in the rabbitvcs package. This is
> classified as a critical bug on the grounds that it can cause serious
> data loss (e.g. loss of entire home folder). There are several reports
> of this actually happening to users of the software on Debian and
> other systems:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817231
> https://github.com/rabbitvcs/rabbitvcs/issues/127
> http://askubuntu.com/questions/473433/rabbitsvn-deleted-all-my-folders
> https://github.com/rabbitvcs/rabbitvcs/issues/70
> 
> Bug #817231 has now been closed in unstable. Given the nature of the
> bug, I thought perhaps it should also be fixed in jessie-updates?

Given the fact that the package has no reverse-dependencies and before
your NMU in unstable had not been updated for two years, I wonder
whether removal might have been a better option.

> The attached patch acheives this. (I understand that the distribution
> needs to be set to jessie in debian/changelog, rather than {jessie|
> stable}-updates[0].)

One can't upload to stable-updates, indeed, rather by definition. (It's
an SRM-selected subset of packages in proposed-updates, not a standalone
target.)

I assume your rationale for suggesting a release via stable-updates,
rather than simply waiting for the next point release (which will be in
just under two weeks time) is the potential for data loss. Whilst this
is indeed unfortunate, I think we've only previously used -updates for
fixing RC bugs when they were regressions caused by other packages
published via -updates or in a point release.

+rabbitvcs (0.16-1.1) jessie; urgency=medium

That version number is wrong, for multiple reasons - most importantly,
that it's already been used for your NMU to unstable. Please use either
0.16-1+deb8u1 or 0.16-1.1~deb8u1, depending on whether the patch in the
jessie upload is applied to a fresh copy of 0.16-1 or the unstable
package is "backported".

With that fixed, please feel free to get the package uploaded.

Regards,

Adam

Reply to:

References:
- Bug#836571: jessie-pu: package rabbitvcs/0.16-1
  - From: Christopher Hoskin <christopher.hoskin@gmail.com>

Prev by Date: Bug#836592: jessie-pu: package gdcm/2.4.4-3
Next by Date: Processed: Re: Bug#836571: jessie-pu: package rabbitvcs/0.16-1
Previous by thread: Bug#836571: jessie-pu: package rabbitvcs/0.16-1
Next by thread: Processed: Re: Bug#836571: jessie-pu: package rabbitvcs/0.16-1
Index(es):
- Date
- Thread