[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#792379: marked as done (RFS: plowshare4/1.0.5-2 [RC] -- filesharing website tool implemented in bash)

Your message dated Sat, 25 Jul 2015 22:03:08 -0700
with message-id <CACZd_tANyUyaRYw=+NS+xm2oHrtadk+7x82r6LDKG4Abb-SYVA@mail.gmail.com>
and subject line Re: Bug#792379: RFS: plowshare4/1.0.5-2 [RC]
has caused the Debian Bug report #792379,
regarding RFS: plowshare4/1.0.5-2 [RC] -- filesharing website tool implemented in bash
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
792379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792379
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "plowshare4" to fix an RC bug.

 * Package name    : plowshare4
   Version         : 1.0.5-2

  It builds those binary packages:

    plowshare4 - Download and upload files from file sharing websites

  To access further information about this package, please visit the following URL:

  http://mentors.debian.net/package/plowshare4
  dget -x http://mentors.debian.net/debian/pool/main/p/plowshare4/plowshare4_1.0.5-2.dsc


This is intended to be a targeted fix for #791467. The plowshare4 package uses rhino's
implementation of the `js` executable to execute snippets of javascript downloaded from
the web. Since this is not safe, my patch in this version simply removes the dependency
on rhino and forces plowshare to act as though javascript is not available on the system.
This breaks a few of plowshare's supported websites, but I don't see this as a problem
since these break over time anyway and one would want to use an up-to-date version of
plowshare to account for this.

For future versions I want to investigate sandboxing and/or cleaning the javascript so
that it doesn't have to be disabled. This fix is intended to target only the version in
stable, and I'm not quite sure on the process here. This upload should fix the issue for
stable but I want the bug to stay open for the versions in unstable while I work out
what to do. The package is scheduled to be removed from stable in a few weeks' time, so
how do I get this fix into stable?

BONUS: can I get help copying the version of plowshare4 currently in experimental into
unstable? I'm in the middle of packaging the new upstream release but in the
meantime the unstable version is lagging because I uploaded to experimental during the
jessie freeze. As far as I understand this just needs a simple copy into unstable.


Cheers,
Carl

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
--- Begin Message --- 
On Sat, Jul 25, 2015 at 9:47 PM, Carl Suster <carl@contraflo.ws> wrote:
> Eriberto said he won't be able to look at it for at least another week. So if
> anyone could look at it before then, great, but otherwise I'll wait for him.
> The only issue is that I'll have less available time to work on this after this
> week.

Ok, I've gone ahead and uploaded your package to sid. Feel free to
ping me if you also need a sponsor for the package in stable once the
release team approves it.

Regards,
Vincent

--- End Message ---
Reply to: