+ debian-perl as it possible affects how we deal with FTBFS module packages.
On Wed, Jul 05, 2017 at 07:46:39AM +0200, Cyril Brulebois wrote: > Hi Dominic, > > Dominic Hargreaves <d...@earth.li> (2017-07-04): > > 1) this commit is identical to those now in upstream release candidates. > > 2) This has now been filed as #867164 (sorry that this was missing before) > > Thanks for the update, much appreciated. > > I have to say that giving you a green light to update perl in stable with this > kind of fix makes me a little nervous, sorry. :( Okay, it would be useful to know in a bit more detail why you think this, as it doesn't seem any different from other similar fixes to perl we have requested in the past (and we've learnt our lesson from lack of mass rebuild testing where that was an issue previously) But anyway, there are two options: 1) proceed with the update as proposed. This should be fairly low risk since we have test-rebuilt all packages build-depending on perl and found no regressions, and the problem it is fixing only affected a handful of unusual cases. Given the lack of bug reports, I assume the imperfect base.pm change hasn't actually affected anyone in the real world, but of course that might be a rash assumption. 2) work around the problem by patching away the issue like we have for stretch in the half dozen or so affected packages. This would leave jessie's perl in a slightly awkward state in carrying around for the rest of its days a patch that was rejected by upstream in favour of another one. But in practice it may not make all that difference. And probably the risk in doing this is slightly less in not touching a core package, though it is a bit more work. Overall I'm in favour of 1) but happy to defer to you. Does anyone else in pkg-perl have an opinion on this? > > 3) this particular bug doesn't strictly apply to stretch/sid, but we plan > > to fix it in sid at least for consistency and to fix the minor remaining > > security bug (see #867170) > > I'm not sure how we feel about similar-yet-kind-of-different bugs in > other suites (as in: not sure whether fixing those would be considered > a hard requirement before an update in (old)stable). Even if you reject the patch for jessie, I hope you will consider it in stretch, as there is actually fixes a minor security issue (in due course it will end up in a new upstream point release, and it's quite likely we'll want a wholesale upgrade to that anyway). Indeed, if that would also make you uncomfortable we should discuss that in more detail... I will aim to get the s-p-u bug for that filed soon. Thanks, Dominic.