
Bug#792379: RFS: plowshare4/1.0.5-2 [RC] -- filesharing website tool implemented in bash



Control: tag -1 + moreinfo

Hi Carl,

On Tue, Jul 14, 2015 at 2:32 AM, Carl Suster <carl@contraflo.ws> wrote:
> Package: sponsorship-requests
> Severity: important
>
> Dear mentors,
>
> I am looking for a sponsor for my package "plowshare4" to fix an RC bug.
>
>  * Package name    : plowshare4
>    Version         : 1.0.5-2
>
>   It builds those binary packages:
>
>     plowshare4 - Download and upload files from file sharing websites
>
>   To access further information about this package, please visit the following URL:
>
>   http://mentors.debian.net/package/plowshare4
>   dget -x http://mentors.debian.net/debian/pool/main/p/plowshare4/plowshare4_1.0.5-2.dsc
>
>
> This is intended to be a targeted fix for #791467. The plowshare4 package uses rhino's
> implementation of the `js` executable to execute snippets of javascript downloaded from
> the web. Since this is not safe, my patch in this version simply removes the dependency
> on rhino and forces plowshare to act as though javascript is not available on the system.
> This breaks a few of plowshare's supported websites, but I don't see this as a problem
> since these break over time anyway and one would want to use an up-to-date version of
> plowshare to account for this.
>
> For future versions I want to investigate sandboxing and/or cleaning the javascript so
> that it doesn't have to be disabled. This fix is intended to target only the version in
> stable, and I'm not quite sure on the process here. This upload should fix the issue for
> stable but I want the bug to stay open for the versions in unstable while I work out
> what to do. The package is scheduled to be removed from stable in a few weeks' time, so
> how do I get this fix into stable?

All uploads to stable must first be approved by the release team. See
devref 5.5.1 [1] for instructions (tl;dr: file a bug against
release.debian.org with appropriate tags and a proposed debdiff).
Please remove the moreinfo tag from your RFS bug when your package has
been approved by the release team.

Also, note that package autoremovals only affect testing, not stable.
I can't speak on behalf of the release team, but they generally frown
upon bugs being fixed in stable that haven't yet been fixed in
unstable (but go ahead and file a bug against release.debian.org
anyways to get actual feedback from the release team).

> BONUS: can I get help copying the version of plowshare4 currently in experimental into
> unstable? I'm in the middle of packaging the new upstream release but in the
> meantime the unstable version is lagging because I uploaded to experimental during the
> jessie freeze. As far as I understand this just needs a simple copy into unstable.

You'll need to find someone to sponsor your updated package; there's
no mechanism to automatically "copy" packages from experimental to
unstable.

Regards,
Vincent

[1] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable

