Re: Moving f-prot-installer into volatile.d.n

To: Johannes Rohr <jr.debian@rohr.org>
Cc: Martin Zobel-Helas <zobel@ftbfs.de>, debian-volatile@lists.debian.org
Subject: Re: Moving f-prot-installer into volatile.d.n
From: Andreas Barth <aba@not.so.argh.org>
Date: Sun, 27 Nov 2005 18:02:23 +0100
Message-id: <[🔎] 20051127170223.GH31042@mails.so.argh.org>
Mail-followup-to: Andreas Barth <aba@not.so.argh.org>, Johannes Rohr <jr.debian@rohr.org>, Martin Zobel-Helas <zobel@ftbfs.de>, debian-volatile@lists.debian.org
In-reply-to: <20051026153053.GA7237@rudi.rohr.org>
References: <20051024222935.GA29570@rudi.rohr.org> <20051025200154.GB2878@frigg.ftbfs.de> <435F600C.4020001@rohr.org> <20051026121054.GC2878@frigg.ftbfs.de> <20051026153053.GA7237@rudi.rohr.org>

Hi,

sorry for not replying earlier.

* Johannes Rohr (jr.debian@rohr.org) [051026 19:18]:
> On Mi, Okt 26, 2005 at 02:10:58 +0200, Martin Zobel-Helas wrote:
> > Hi Johannes,
> > 
> > > Officially doko. He is also the original author of the package.
> > > Sebastien, however has been very supportive with GNOME related packages
> > > that I helped maintainig and therefore I asked him a number of times to
> > > upload f-prot-installer for me. In fact, he has been doing most of the
> > > uploads.
> > 
> > I spoke with Sebastien yesterday evening and he told me he doesn't mind
> > who is uploading to volatile. 
> 
> O.K. Is my assumption correct that in either case it has to be a DD?

If the change is trivial enough, one of us might want to sponsor the
upload. But we of course prefer if the upload happens by a DD. :)


> > > +f-prot-installer (0.5.14.sarge.2) stable; urgency=low
> > > +
> > > +  * Sigh. Vendor has modified check-updates.pl, making it incompatible
> > > +    with our wonderful update-f-prot script. To solve this, when patching
> > > +    check-updates.pl, we have to delete the line containing the string
> > > +    "Couldn't determine signature file directory".
> > > +
> > > + -- Johannes Rohr <jr.debian@rohr.org>  Sun, 23 Oct 2005 18:05:56 +0200
> > 
> > We need to make sure that the version of the package is always bigger
> > then the latest version in stable/stable-proposed but smaller then the
> > version in testing.
> 
> I understand the former, but I'm not convinced about the latter. The
> default priority of the official archives is higher than that of Debian
> Volatile. Consequently, in case of equal versions, official packages
> will be preferred. Or am I missing something?

I don't see why by default the priority is different. Also, it is a
*very* bad idea to have different files with same names around, as this
is a great source of confusion.


> > So the version number will look something like
> > 0.5.14.sarge.2-volatile1.  We only should keep in mind, that DSAs
> > might be uploaded with 0.5.14.sarge.3 so DSA would be bigger than the
> > version in volatile. I don't have any solution for this ATM. We could
> > solve this in uploading to debian-volatile the new package before DSA
> > does.
> 
> You don't need to do much to ensure this. There has not been a DSA about
> f-prot-installer. This is not considered a security issue by the release
> team, but simply a broken package. It has been uploaded to
> sarge-proposed-updates only. Or do you mean to say, the security team
> /could/ hypothetically prepare a DSA to fix a vulnerability at some
> point in the future?

that there might be a future issue where DSA does an upgrade, yes.



> Now, what is the next step? 

Please follow (or, rather let your sponsor follow) the instructions on
http://lists.debian.org/debian-volatile/2005/08/msg00008.html and upload
the package. Also, provide us with some stanza we can use for preparing
the VUA-mail.


Cheers,
Andi
-- 
  http://home.arcor.de/andreas-barth/

Reply to:

Prev by Date: Re: volatile infrastructure for ocaml 3.09 backports
Next by Date: Re: postgrey into volatile
Previous by thread: Re: Moving f-prot-installer into volatile.d.n
Next by thread: Is volatile dead?
Index(es):
- Date
- Thread