Bug#600063: libclass-accessor-grouped-perl: Module susceptible to drastic change of semantics in presence of libclass-xsaccessor-perl
gregoa at debian.org
Sat Oct 16 16:33:39 UTC 2010
On Wed, 13 Oct 2010 12:35:30 +0200, Peter Rabbitson wrote:
> Package: libclass-accessor-grouped-perl
> Version: 0.09003-1
> Severity: important
> Tags: patch
> A bit over a year ago optional support for Class::XSAccessor was introduced
> to generate lightning-fast 'simple'-group accessors. However it recently a
> number of oversights became apparent, all of which were fixed in the latest
> version on CPAN 0.09008. The identified and fixed problems are:
> * Any accessors of type 'simple' (arguably the most used ones) that are
> declared as read-only or write-only, will silently turn into read-writer ones
> when Class::XSAccessor is present in @INC
> * If Class::XSAccessor is present in @INC set_simple/get_simple methods will
> no longer be invoked, even if the underlying program defines custom versions
> of these methods
> Note that it doesn't matter wether Class::XSAccessor was installed via dpkg
> or if it has been locally cpan'ed - all it takes is for the perl interpreter
> to find it somehow.
> Please consider upgrading the squeeze version, as the current one (0.09003-1)
> is too vulnerable to spooky action at a distance.
Dear release team,
I'd like to ask for your advice on how to handle this issue.
* Peter Rabbitson is the upstream author and knows best the problem
and fixes :) He has contacted us via IRC and is happy to help in
any way in solving the problem. - Please CC him on replies.
* testing has 0.09003-1, unstable unfortunately already has
0.09006-1, and 0.09008 is the new upstream release which contains
* The diff between 0.09003 and 0.09008 is not exactly minimal:
(although the only relevant changes are in lib/Class/Accessor/Grouped.pm,
the rest is build system (inc/Module/), docs, tests, ...)
The options I see now are:
- Upload 0.09008 to unstable and unblock it; but I guess that doesn't
conform to the current freeze policy due to the size of the diff.
- Create a patch against 0.09003 that contains only the necessary
changes (lib/Class/Accessor/Grouped.pm and the test cases?), and
upload to t-p-u.
- (Create a patch against 0.09006 and upload via unstable.)
Peter has offered to backport the changes and create an
as-minimal-as-possible patch against 0.09003 (or 0.09006), with or
without test cases, but we'd like to clarify the way to proceed
before wasting time :)
Thanks in advance,
.''`. http://info.comodo.priv.at/ -- GPG key IDs: 0x8649AA06, 0x00F3CFE4
: :' : Debian GNU/Linux user, admin, & developer - http://www.debian.org/
`. `' Member of VIBE!AT & SPI, fellow of Free Software Foundation Europe
`- NP: Phil Collins: Inside Out
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 836 bytes
Desc: Digital signature
More information about the pkg-perl-maintainers