[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#21412: tob deletes system files

Tim,

  Tim> Thanks for looking into this.

Well, that's what we're here for ;-)

  Tim>   You are correct that my system is Debian 1.3.  I went to
  Tim> "http://www.debian.org/packages.html";, did a search for tob, found
  Tim> tob_0.14-4 at
  Tim> "http://cgi.debian.org/www-master/debian.org/Packages/unstable/utils/tob.html";,
                                                             ^^^^^^^^
  Tim> downloaded and installed it.

You searched under 'unstable'. You should have searched under 'stable' (ie
selected the radio button for it) as 'stable' corresponds to Debian 1.3.

That would have lead you to tob_0.14-2 which is part of Debian 1.3 CD.

  Tim> No mention is made on the web page or from "dpkg --info
  Tim> tob_0.14-4.deb" of any package or Debian version (hamm or bo)
  Tim> dependencies, and it installs without error or warning messages.

Well, for binary packages, the dependency on libc6 ensures that you don't mix
libc5 (Debian 1.3) and libc6 (Debian 2.0).

As Joey Hess just pointed out, binary-all packages as tob need an explicit
dependency. So I just made tob_0.14-6 which I am uploading as we speak.

  Tim> So my question(s) would be:
  Tim> 
  Tim> 1. How is one to know that a hamm system is required for this package?

It's implicit as you took it from the 'unstable' tree.

  Tim> 2. I notice there is currently no mention of bug#21412 in the
  Tim> bug-tracking system.  Will this bug be considered closed?

Yes, I closed it via a mail to 21412-closed@bugs.debian.org. You can reopen
it [ who shouldn't, see below ], see the documentation in the debian/doc
directory on the mirror sites, or in /usr/doc/debian/ if you have the
'doc-debian' package installed.

  Tim> My view would be that it should be considered Severity:Critical, the
  Tim> bug report should stay open indefinetly and/or tob_0.14-4 should be
  Tim> completely removed from all Debian sites.  After all, the next "bo"
  Tim> user that installs this risks taking out their entire system.

Please chill out a little and read the emails you got yesterday.  I released
tob_0.14-5 yesterday which added the following test

	cleanup ()
	{
	    message 'Cleaning up.'
	    # add a safety check here   --edd 20 Apr 98, regarding #21412
----->	    if [ "$TMPLIST" != "" -a "$FILELIST" != "" ] ; then
	        $RM -f $TMPLIST* $FILELIST*
	    fi
	    postcommand
	}

which already prevents the behaviour you experienced. That version was
installed last night into the archive. This means that 0.14-4 is gone.
Vanished. Nothing left. [ It's still in the mirrors, but no longer on
master.debian.org and will be replaced in the mirrors. ] Are you happy ?

Further, and as I just said, I adopted a better fix upon a suggestion from a
fellow developer and made tob depend explicitly on debianutils. Ie you cannot
run it without having debianutils installed.

I am sorry for the grieve that the package caused you. In retrospect, I
should have added the dependency on debianutils in tob_0.14-4 when tempfile
was added for safer creation of temporary files. However, we use the
'unstable' release to iron such bugs out.

You helped us in finding the bug, and hence helped other users from being
bitten by it. Thanks !

Regards, Dirk

-- 
mailto:edd@debian.org              According to the latest official figures, 
http://rosebud.ml.org/~edd      43% of all statistics are totally worthless.


--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: