On Sun, Apr 07, 2013 at 02:12:46PM +0200, Niels Thykier wrote: > > On Sun, Mar 31, 2013 at 05:46:12PM +0100, Dominic Hargreaves wrote: > > > >> There is a problem with the perl package, as discussed in > >> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224#55> > >> onwards, whereby the application of the security fix in that ticket > >> now causes double-escaping problems where people workaround the problem > >> by escaping themselves, when they detect an earlier Locale::Maketext > >> by version number. > >> > >> I am slightly wary about importing the new (1.23) version of > >> Locale::Maketext as I mentioned in that bug already, but my fears may > >> be unfounded. Could you comment about whether you would accept such > >> a change in wheezy at this time? (I can't really decide whether it's > >> RC or not). > I would suspect that any application code using Module::CoreList would > still have to account for the "cpan" version being present?
Yes, I too think that should be expected. > I am tempted to take this fix for Wheezy and be done with it. Can (one > of) you please check up on CPAN.pm/CPANPLUS.pm ? Sorry for the delay and thanks for looking at this. I just tested installing Locale-Maketext-Utils-0.36 from CPAN, as it requires Locale::Maketext 1.22 or greater. I saw no problems with either cpan or cpanp: with perl/5.14.2-20 from sid/wheezy a newer Locale-Maketext gets pulled in from CPAN, but with Dominic's patch the system version satisfies the requirement as expected. That's good enough for me. So, can we consider the patch pre-approved? > > I see Fedora/RedHat also upgraded their Locale::Maketext modules without > > incrementing $VERSION (I checked the patches in RHEL 6 / Perl 5.10.1 and > > Fedora Core 16 & 17 / Perl 5.14.3). So it looks like even if we do try > > to fix this for wheezy, applications still have to check for features > > rather than versions to stay on the safe side. > Okay, sounds like it will be fine with leaving Squeeze as is then. Ack on my part. Thanks again, -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org