[Pkg-ia32-libs-maintainers] ia32-libs update for lenny (2.7+lenny1)
Thijs Kinkhorst
thijs at debian.org
Mon Jun 28 21:00:03 UTC 2010
Hi Goswin,
On sneon 24 April 2010, Goswin von Brederlow wrote:
> Hi,
>
> I've prepared an ia32-libs update for Lenny and uploaded it to
> mentors.debian.net [1]. The upload brings ia32-libs back in sync with
> the packages contained in stable and stable security. The only other
> change to the binaries is fixing a broken symlink so ia32-libs works on
> ia64 at all (#563402). Please upload this to security.debian.org.
>
> As you can see below (see debian/changelog) there are quite a number of
> bugs and ~60 security issues fixed by this upload. The upload contains
> updates from the following packages:
Thanks for your work on this. I hope you can forgive us for the long shelf
life of this issue, which stems from the combination of other priorities and
the complex nature of this package.
I have reviewed it and am generally ok with it.
What definately jumps out at first is that the updated packages contain
updates that normally have no place in a stable security update, like new
upstream releases even. I understand where this comes from, namely that
current stable already contains these changes and that the jump is necessary
to bring them up to date. Given that the packages are in this form in stable I
think this is acceptable. However, ideally it would be better in the future if
this kind of jump would be minimised as far as possible. For squeeze, would it
be possible to update ia32-libs very close to the end of the release cycle, so
it would contain nearly all package versions as they are to be released? Also,
having an ia32-libs update in the first point update after stable's release
that rounds up the changes in the window between the last regular ia32-libs
upload and the actual release of stable would be very desirable, to keep
subsequent changes in ia32-libs in DSA context limited to actual security
fixes. What do you think?
Besides from this thought the current updated packages look correct.
A number of them have had further updates since you prepared this package
version. If you wish you can update them to include those fixes aswell, would
be nice.
As for the changes to ia32-libs packaging, the following three changes are not
acceptable in a stable-security upload:
* Add misc depends for debhelper.
* Add lots of lintian overrides where nothing can be done about them.
* Bump debhelper compat to 5.
Perhaps they were made to address Lintian reports. It is not necessary (or
even desirable) to do that kind of cleanup in a stable upload. Please revert
those.
Cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-ia32-libs-maintainers/attachments/20100628/507c4068/attachment.pgp>
More information about the Pkg-ia32-libs-maintainers
mailing list