[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving f-prot-installer into volatile.d.n

On Mi, Okt 26, 2005 at 02:10:58 +0200, Martin Zobel-Helas wrote:
> Hi Johannes,
> > Officially doko. He is also the original author of the package.
> > Sebastien, however has been very supportive with GNOME related packages
> > that I helped maintainig and therefore I asked him a number of times to
> > upload f-prot-installer for me. In fact, he has been doing most of the
> > uploads.
> I spoke with Sebastien yesterday evening and he told me he doesn't mind
> who is uploading to volatile. 

O.K. Is my assumption correct that in either case it has to be a DD?

> > +f-prot-installer (0.5.14.sarge.2) stable; urgency=low
> > +
> > +  * Sigh. Vendor has modified check-updates.pl, making it incompatible
> > +    with our wonderful update-f-prot script. To solve this, when patching
> > +    check-updates.pl, we have to delete the line containing the string
> > +    "Couldn't determine signature file directory".
> > +
> > + -- Johannes Rohr <jr.debian@rohr.org>  Sun, 23 Oct 2005 18:05:56 +0200
> We need to make sure that the version of the package is always bigger
> then the latest version in stable/stable-proposed but smaller then the
> version in testing.

I understand the former, but I'm not convinced about the latter. The
default priority of the official archives is higher than that of Debian
Volatile. Consequently, in case of equal versions, official packages
will be preferred. Or am I missing something?

> So the version number will look something like
> 0.5.14.sarge.2-volatile1.  We only should keep in mind, that DSAs
> might be uploaded with 0.5.14.sarge.3 so DSA would be bigger than the
> version in volatile. I don't have any solution for this ATM. We could
> solve this in uploading to debian-volatile the new package before DSA
> does.

You don't need to do much to ensure this. There has not been a DSA about
f-prot-installer. This is not considered a security issue by the release
team, but simply a broken package. It has been uploaded to
sarge-proposed-updates only. Or do you mean to say, the security team
/could/ hypothetically prepare a DSA to fix a vulnerability at some
point in the future?

> > +    # Necessary with f-prot 4.6.X
> > +    ln -sf /usr/lib/f-prot/f-prot.sh /usr/bin/f-prot
> >      chmod 755 $FPROT_DIR/tools
> >      chmod 755 $FPROT_DIR/tools/check-updates
> >      cp -f $MD5SUM_NEW $MD5SUM_STORED
> Do i oversee the deletion of /usr/bin/f-prot in the pre/postrm of the
> package?

Well, obviously so. It is in line 21 of postrm.

Now, what is the next step? 




Reply to: