Your message dated Tue, 02 Jan 2018 18:35:03 +0000
with message-id <[email protected]>
and subject line Bug#883539: fixed in metastore 1.1.1a-1
has caused the Debian Bug report #883539,
regarding metastore: New upstream version (1.1.1) with important bugfix has
been released
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
883539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883539
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: metastore
Version: 1+20080623+debian-5
Severity: important
Dear Maintainer,
I am official maintainer of metastore project since commit
f65c0a03c214 done by David Härdeman, who was the previous metastore
maintainer (and co-maintainer of Debian package). He ceded
maintainership of metastore to me publicly via GitHub PR (because
GitHub was where I was developing my metastore continuation,
unofficial back then):
https://github.com/przemoc/metastore/pull/32
I merged commit f65c0a03c214 on the same day, i.e. 2015-10-26.
Before that happened I reported important xattr-related bug to Debian
on 2015-09-07 (#798222) and provided a patch (commit 489d58670283,
2015-09-06), but there was no action from your side.
A few months later another important xattr-related bug has been
discovered and fixed (commit 98e73203bf9d, 2016-01-12).
On 2016-01-31 I mailed you about metastore-announce mailing list (very
low traffic - 2 mails/year so far), which archive is available at:
https://www.freelists.org/archive/metastore-announce/
You didn't subscribe to it.
metastore 1.1.0 has been released shortly after (commit 0197117b4411,
2016-02-01).
Recently another important xattr-related bug manifesting on 64-bit
platforms has been discovered (maybe even CVE-worthy) and fixed
(commit 5b060d5b7f0d, 2017-11-24), and I quite quickly informed about
it on ML:
https://www.freelists.org/post/metastore-announce/Serious-xattrrelated-bug-in-metastore-v110
Unfortunately back then I didn't have time and other resources to do
the release, so it was delayed until yesterday night, or actually
today, to be precise.
metastore 1.1.1 has been released with commit 56f3f9228dfe, pointed by
annotated and GPG-signed tag v1.1.1. Announcement on mailing list:
https://www.freelists.org/post/metastore-announce/metastore-v111
I still use Debian from time to time, so it pains me that metastore is
in such neglected state here. I am not willing to become Debian
maintainer of metastore, though, as I am not sure if being upstream
maintainer and distro package maintainer at the same time is a good
thing.
Beside updating metastore itself, its homepage (debian/control) and
upstream download URL (debian/watch) should be changed as well:
https://github.com/przemoc/metastore
http://ftp.przemoc.net/pub/software/utils/metastore/ metastore-(.+)\.tar\.gz
Tarballs are signed with my signing-only subkey:
rsa4096/0xFA94ECC62EBFBFBA [expires: 2017-12-13]
fingerprint = B97A 7939 E022 800C 9808 6A32 FA94 ECC6 2EBF BFBA
(this one expires soon, so future versions will be signed with some
new one, obviously).
My signing-only subkey is associated with my main key:
rsa4096/0x879C7468EAD49C84
fingerprint = BA46 8718 D588 669A 6633 98CE 879C 7468 EAD4 9C84
As you can easily check on GitHub, I cannot say I'm actively
developing metastore right now, but I always treat bugs seriously, so
at least it's not an abandoned project.
I know that metastore userbase is extremely small, but if Debian
provides such package, it should be as bug-free version as possible,
which is not the case for a second year already. At this moment there
are 3 unfixed and important xattr-related bugs in metastore available
in Debian (and its derivatives).
I hope you'll find time to bring metastore in Debian to proper state
in upcoming weeks.
Regards.
--
Przemysław 'Przemoc' Pawełczyk
http://przemoc.net/
--- End Message ---
--- Begin Message ---
Source: metastore
Source-Version: 1.1.1a-1
We believe that the bug you reported is fixed in the latest version of
metastore, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Romain Francoise <[email protected]> (supplier of updated metastore package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 02 Jan 2018 19:06:04 +0100
Source: metastore
Binary: metastore
Architecture: source
Version: 1.1.1a-1
Distribution: unstable
Urgency: medium
Maintainer: Romain Francoise <[email protected]>
Changed-By: Romain Francoise <[email protected]>
Description:
metastore - Store and restore metadata from a filesystem
Closes: 508743 798222 883539
Changes:
metastore (1.1.1a-1) unstable; urgency=medium
.
* New upstream release from new maintainer (closes: #883539):
+ Fixes issue with xattrs (closes: #798222).
+ Adds new --dump option (closes: #508743).
* Assorted packaging changes:
+ Drop all old Debian patches.
+ Add new patch to allow overriding PREFIX in upstream Makefile.
+ Set PREFIX when calling dh_auto_install.
+ Add new build-dep on libbsd-dev.
+ Install FILEFORMAT file as documentation.
+ Add new maintainer's GPG key to debian/upstream/signing-key.asc.
+ Update debian/copyright.
+ Update upstream homepage URL.
+ Update watch file and enable signature checking.
* Add Vcs-Browser and Vcs-Git fields pointing to new repository on
salsa.debian.org.
* Switch to debhelper compatibility level 11.
* Bump Standards-Version to 4.1.3.
Checksums-Sha1:
2a79dc7eb7a017de1a52505f14ce153474b366c4 2129 metastore_1.1.1a-1.dsc
d11f44b4eec284cf7f176b0e40ddf8a4fea17367 27391 metastore_1.1.1a.orig.tar.gz
22a767b741836433e85e36fe774b6dc5d373c2ce 833 metastore_1.1.1a.orig.tar.gz.asc
0fba784be02d8ed21ccb8bc6c81e10b3eeee1122 10052 metastore_1.1.1a-1.debian.tar.xz
818cdc9d8cd7dfc47eae34ab086cb08dfaa64ebf 5140
metastore_1.1.1a-1_source.buildinfo
Checksums-Sha256:
39f1f8f4d35b1078ad388d783f7d99b880fff43ef3da8009a08d17cda90340e7 2129
metastore_1.1.1a-1.dsc
48c99411f9d3389c86691a43102f977e70c73bec2bddfeb7a4e63e858ff6622f 27391
metastore_1.1.1a.orig.tar.gz
c954cac702c2d4519125e0ad9681611d7727099dcba85708b20ef0ec0bbfd814 833
metastore_1.1.1a.orig.tar.gz.asc
58117801e608fb50b6f11aa3220cf1ae742affc8f32af6d9c8c2af649f4fe601 10052
metastore_1.1.1a-1.debian.tar.xz
3bf536928f22b7985609c9cd939825e38fb1b40354b18bdfa61a20e65ac06543 5140
metastore_1.1.1a-1_source.buildinfo
Files:
0dcefdcc870ca345637bba8eaef0699c 2129 misc optional metastore_1.1.1a-1.dsc
38687d79176e0f2afd8047b4a98d64e1 27391 misc optional
metastore_1.1.1a.orig.tar.gz
9e23542f8d6dfd72010f3864036fa46d 833 misc optional
metastore_1.1.1a.orig.tar.gz.asc
1feaf9921c660b5e3cc12a8a2053b6ae 10052 misc optional
metastore_1.1.1a-1.debian.tar.xz
8228f8008ba3003aef2aab97d9a7fee5 5140 misc optional
metastore_1.1.1a-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEvjSXQsqYfs1+d+QtrRX0NfBfli0FAlpLzMsACgkQrRX0NfBf
li0Rnw/+I4+6dnqayG8zZ4EoWTOTFXIfvkbeKjHRjO0h/64WL+xur96Rq1efm880
2qcH5VBI4kaECvInxSyskeWOL7PcXQ5nSTBqbtPMONPXd+wx5XXntTzTdn0tA3qs
o9C1KiaW8ffin7HAQorsWgQAWPPZxXYAQxHRI+uipQpldzEkean9lmpuC04t6wsH
+T0Ge2CrftvF8pTAGy56VY7+BAFUkS71oqzh1PH0/oZ7uPWDJs2VCx4tjEWKjxeK
pveFPxNipdLLBpO90C9vXAQiB280cS8r5MN61xkcx2fDbBWGg1skh9B/27IDo8o0
Da8l6+63tnBWbvx2iNX14x2UukO/kSGVwOai+80i7RwwaPXBeSQLgZNFXX5ZrXTw
/LSxslyY9a/k1sKFU0WozYU4IiOhYmp1H+F5zslc4Vr2kj9/RAKudTlo+yiSkIve
UcWbnp40h/vngTv5xMxDT2sqtYM2f0nWr48Xr2nCG2uCZWDKQKQy/mNLC9KkJiQC
kLYfDvnQJNoR2Z/L04wckLckSIEwcftTJNv4HptgCgiOEhP16bmz0zPMvqs2wLXK
HZU2X7wit6XLqs9epRwxYpu2tqyUOpRpVltmtIOriQ1PiBSkiz1jmVnqrcp8RhP9
cHhiYsAuhgMgefu4xZbPUOaGfGRpjdCjKaML+lbW2Jtj9SvV2mg=
=N8yF
-----END PGP SIGNATURE-----
--- End Message ---
