Package: sponsorship-requests
Severity: important

Dear mentors,
I am looking for a sponsor for my package "plowshare4" to fix an RC bug.
* Package name : plowshare4
Version : 1.0.5-2
It builds those binary packages:
plowshare4 - Download and upload files from file sharing websites
To access further information about this package, please visit the following URL:
http://mentors.debian.net/package/plowshare4

dget -x http://mentors.debian.net/debian/pool/main/p/plowshare4/plowshare4_1.0.5-2.dsc

This is intended to be a targeted fix for #791467. The plowshare4 package uses rhino's implementation of the `js` executable to execute snippets of javascript downloaded from the web. Since this is not safe, my patch in this version simply removes the dependency on rhino and forces plowshare to act as though javascript is not available on the system. This breaks a few of plowshare's supported websites, but I don't see this as a problem since these break over time anyway and one would want to use an up-to-date version of plowshare to account for this.

For future versions I want to investigate sandboxing and/or cleaning the javascript so that it doesn't have to be disabled. This fix is intended to target only the version in stable, and I'm not quite sure on the process here. This upload should fix the issue for stable but I want the bug to stay open for the versions in unstable while I work out what to do. The package is scheduled to be removed from stable in a few weeks' time, so how do I get this fix into stable?

BONUS: can I get help copying the version of plowshare4 currently in experimental into unstable? I'm in the middle of packaging the new upstream release but in the meantime the unstable version is lagging because I uploaded to experimental during the jessie freeze. As far as I understand this just needs a simple copy into unstable.

Cheers,
Carl

