Bug#882904: MariaDB 10.0.33 to next Jessie point release

To: Otto Kekäläinen <otto@debian.org>, 882904@bugs.debian.org
Subject: Bug#882904: MariaDB 10.0.33 to next Jessie point release
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 27 Nov 2017 19:50:52 +0000
Message-id: <[🔎] 1511812252.2600.48.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 882904@bugs.debian.org
In-reply-to: <[🔎] CAHj_TLBa1yiUdirGcTTw0p95-B-4o7sJLRchUgAXeKbwA_9mzw@mail.gmail.com>
References: <[🔎] CAHj_TLBa1yiUdirGcTTw0p95-B-4o7sJLRchUgAXeKbwA_9mzw@mail.gmail.com> <[🔎] CAHj_TLBa1yiUdirGcTTw0p95-B-4o7sJLRchUgAXeKbwA_9mzw@mail.gmail.com>

user release.debian.org@packages.debian.org
usertags 882904 + pu
tags 882904 + jessie moreinfo
retitle 882904 pu: package mariadb/10.0.33
thanks

[If you're unable or unwilling to add the correct metadata yourself,
please at least use reportbug so that it does it for you.]

On Mon, 2017-11-27 at 21:23 +0200, Otto Kekäläinen wrote:
> I hereby request permission from the release team to upload
> mariadb-10.0 release 10.0.33-1 to the next Jessie point release.
> 
> This upload does not strictly qualify the criteria listed at
> https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upl
> oad-stable
> but the security team suggested this upstream micro release, which
> contains a few minor security fixes, would be a good fit for a stable
> point release instead of going in as an urgent security update.
> 
> Current changelog draft:
> 
> +mariadb-10.0 (10.0.33-0+deb8u1) jessie; urgency=medium
> +
> + * New upstream version 10.0.33. Includes fixes for the following
> + security vulnerabilities:
> + - CVE-2017-10378, MDEV-13819
> + - CVE-2017-10268
> + * Refresh patches on top of MariaDB 10.0.33
> +
> + -- Otto Kekäläinen <otto@debian.org> Tue, 21 Nov 2017 11:05:51
> +0100
> 
> 
> I will prepare the final changelog when I have thumbs up from you to
> do so.

You appear to be stuck in a little bit of a chicken-and-egg situation,
given that the final decision as to whether to accept the package will
be based on a diff of the final source package.

> Please also advise me on what is the correct revision string
> and release pocket string – my experience is mostly about security
> uploads, very seldom have I done point release stable updates.

The version number style for both security and stable updates are the
same, so 10.0.33-0+deb8u1. The suite name in the changelog ("pocket" is
an Ubuntuism, not used in Debian) should be "jessie".

> Here is debdiff for current git head;
> https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/debia
> n/?id2=debian/10.0.32-1&id=jessie
> 
> and diff off the whole package, including upstream sources:
> https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/?id2=
> debian/10.0.32-1&id=jessie

We very much prefer diffs to form part of the bug log, not least
because they're guaranteed to persist in that manner.

Regards,

Adam

Reply to:

Follow-Ups:
- Processed: Re: Bug#882904: MariaDB 10.0.33 to next Jessie point release
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#882904: MariaDB 10.0.33 to next Jessie point release
  - From: Otto Kekäläinen <otto@debian.org>

Prev by Date: Bug#882909: jessie-pu: package mariab-10.1/10.0.33-1
Next by Date: Processed: forcibly merging 882904 882909
Previous by thread: Bug#882904: MariaDB 10.0.33 to next Jessie point release
Next by thread: Processed: Re: Bug#882904: MariaDB 10.0.33 to next Jessie point release
Index(es):
- Date
- Thread