Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]

To: Vincent Cheng <vcheng@debian.org>
Cc: 759665@bugs.debian.org
Subject: Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
From: Martino Dell'Ambrogio <tillo@tillo.ch>
Date: Mon, 01 Sep 2014 09:53:46 +0200
Message-id: <[🔎] 5404260A.1070908@tillo.ch>
Reply-to: Martino Dell'Ambrogio <tillo@tillo.ch>, 759665@bugs.debian.org
In-reply-to: <CACZd_tCsEeTKna2e0ymSjfF5xyqRSaye8ABpK5YzdSpRDbdG_g@mail.gmail.com>
References: <540041F8.2010502@tillo.ch> <CACZd_tCsEeTKna2e0ymSjfF5xyqRSaye8ABpK5YzdSpRDbdG_g@mail.gmail.com>

Hello Vincent,

Thank you for the recommendation.

I was going to propose a wheezy update at first, but I opted forwheezy-backports exactly because of devref 5.5.1:

"Extra care should be taken when uploading to stable. Basically, apackage should only be uploaded to stable if one of the following happens:

 * a truly critical functionality problem
 * the package becomes uninstallable
 * a released architecture lacks the package"

The mentioned bug shows itself in at least some Xeon CPUs as far as Ican tell, but only impacts encrypted BitTorrent transfers.

The library remains perfectly usable for unencrypted tranfers.

I also informed the current maintainer so that he may decide whetherthis is "a truly critical functionality problem".

In my humble opinion it's not. It may be average or important, not critical.

Martino Dell'Ambrogio
Security Auditor
Web: http://www.tillo.ch/
Email: tillo@tillo.ch

On 08/31/2014 12:57 AM, Vincent Cheng wrote:

Hi Martino,

On Fri, Aug 29, 2014 at 2:03 AM, Martino Dell'Ambrogio <tillo@tillo.ch> wrote:

Package: sponsorship-requests
Severity: normal

Dear mentors,

I am looking for a sponsor for my package "libtorrent-rasterbar" on
wheezy-backports.

This is a straightforward rebuild of the current testing package.
The reason for wanting libtorrent-rasterbar 0.16.x (libtorrent-rasterbar7,
python-libtorrent...) on the current stable is that it fixes a crash bug
involving OpenSSL and encrypted transfers for any bittorrent client
depending on the library.

If your intent for providing this backport is to fix a bug in stable,
I strongly recommend that you instead fix it in stable proper, i.e.
prepare a minimal diff against the package in wheezy and file a wheezy
proposed update request against the release.debian.org pseudo-package
with reportbug (see devref 5.5.1 [1] for more details). Once the
release team approves of the debdiff, you can then request a sponsor
here as well (or contact the maintainers/uploaders to see if they'd be
interested in fixing the bug in wheezy themselves).

Regards,
Vincent

[1] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply to:

Follow-Ups:
- Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
  - From: Vincent Cheng <vcheng@debian.org>

Prev by Date: Bug#759605: [geographiclib] 01/01: pristine-tar data for geographiclib_1.37.orig.tar.gz
Next by Date: Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
Previous by thread: Bug#759605: Geographiclib 1.37 now ready
Next by thread: Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
Index(es):
- Date
- Thread