Your message dated Sat, 25 Jul 2015 22:03:08 -0700 with message-id <CACZd_tANyUyaRYw=+NS+xm2oHrtadk+7x82r6LDKG4Abb-SYVA@mail.gmail.com> and subject line Re: Bug#792379: RFS: plowshare4/1.0.5-2 [RC] has caused the Debian Bug report #792379, regarding RFS: plowshare4/1.0.5-2 [RC] -- filesharing website tool implemented in bash to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 792379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792379 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: RFS: plowshare4/1.0.5-2 [RC] -- filesharing website tool implemented in bash
- From: Carl Suster <carl@contraflo.ws>
- Date: Tue, 14 Jul 2015 19:32:27 +1000
- Message-id: <[🔎] 55A4D72B.3060001@contraflo.ws>
Package: sponsorship-requests Severity: important Dear mentors, I am looking for a sponsor for my package "plowshare4" to fix an RC bug. * Package name : plowshare4 Version : 1.0.5-2 It builds those binary packages: plowshare4 - Download and upload files from file sharing websites To access further information about this package, please visit the following URL: http://mentors.debian.net/package/plowshare4 dget -x http://mentors.debian.net/debian/pool/main/p/plowshare4/plowshare4_1.0.5-2.dsc This is intended to be a targeted fix for #791467. The plowshare4 package uses rhino's implementation of the `js` executable to execute snippets of javascript downloaded from the web. Since this is not safe, my patch in this version simply removes the dependency on rhino and forces plowshare to act as though javascript is not available on the system. This breaks a few of plowshare's supported websites, but I don't see this as a problem since these break over time anyway and one would want to use an up-to-date version of plowshare to account for this. For future versions I want to investigate sandboxing and/or cleaning the javascript so that it doesn't have to be disabled. This fix is intended to target only the version in stable, and I'm not quite sure on the process here. This upload should fix the issue for stable but I want the bug to stay open for the versions in unstable while I work out what to do. The package is scheduled to be removed from stable in a few weeks' time, so how do I get this fix into stable? BONUS: can I get help copying the version of plowshare4 currently in experimental into unstable? I'm in the middle of packaging the new upstream release but in the meantime the unstable version is lagging because I uploaded to experimental during the jessie freeze. As far as I understand this just needs a simple copy into unstable. Cheers, CarlAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: Carl Suster <carl@contraflo.ws>
- Cc: 792379-done@bugs.debian.org
- Subject: Re: Bug#792379: RFS: plowshare4/1.0.5-2 [RC]
- From: Vincent Cheng <vcheng@debian.org>
- Date: Sat, 25 Jul 2015 22:03:08 -0700
- Message-id: <CACZd_tANyUyaRYw=+NS+xm2oHrtadk+7x82r6LDKG4Abb-SYVA@mail.gmail.com>
- In-reply-to: <[🔎] 55B4667F.8000908@contraflo.ws>
- References: <[🔎] 55B46205.8060104@contraflo.ws> <[🔎] CACZd_tDKWKa_9SX8-VVG6sUvnLkx3WQa7K3Nx0hsL+LYMjSD6Q@mail.gmail.com> <[🔎] 55B4667F.8000908@contraflo.ws>
On Sat, Jul 25, 2015 at 9:47 PM, Carl Suster <carl@contraflo.ws> wrote: > Eriberto said he won't be able to look at it for at least another week. So if > anyone could look at it before then, great, but otherwise I'll wait for him. > The only issue is that I'll have less available time to work on this after this > week. Ok, I've gone ahead and uploaded your package to sid. Feel free to ping me if you also need a sponsor for the package in stable once the release team approves it. Regards, Vincent
--- End Message ---