Source: razor
Version: 1:2.85-4.2
X-Debbugs-Cc: m...@msquadrat.de
Control: submitter -1 m...@msquadrat.de

On 2022-06-20, Malte S. Stretz wrote:
> TL;DR: It looks like the Debian 2.85 razor package you've been recently 
> working on according to 
> https://salsa.debian.org/debian/razor/-/commits/debian/latest is really 2.84
>
>
> I noticed this when I repackaged it to backport my IPv6 support from my 
> GitHub PR at https://github.com/toddr/Razor2-Client-Agent/pull/13 for 
> which you can find the quilt patch here 
> https://salsa.debian.org/mss/razor/-/blob/ipv6/debian/patches/ipv6.patch
>
> Something was odd because the change applied differently to the Debian 
> codebase than to the upstream one. I first assumed this was because 
> upstream is already at version 2.86 but there aren't really any relevant 
> changes in that version. But in commit 
> 9e8186ac058eae55c92ab4ee9e982d24a978e66a the maintainer ran perltidy on 
> the codebase which reformatted among others the Makefile.PL. But that 
> change was applied already between 2.84 and 2.85.
>
> I compared the salsa and GitHub codebase with `git ls-tree -r HEAD | awk 
> '{print $4}' | sort | xargs md5sum` and it is indeed almost the same for 
> upstream tag v2.84 whereas for v2.85 a lot of changes are reported.
>
> I finally verified this by installing the package and checked that the 
> 'use lib' line in razor-admin is still present in the Debian version 
> whereas it is gone on CPAN in 2.85 (ie. CPAN matches the GitHub repo):
>
> * https://metacpan.org/release/TODDR/Razor2-Client-Agent-2.84/source/bin/razor-admin#L13
>
> * https://metacpan.org/release/TODDR/Razor2-Client-Agent-2.85/source/bin/razor-admin#L13
>
>
> So unless I miss something it looks like this package is actually quite 
> messed up.

The current "upstream" version was uploaded to Debian in 2008 and is
currently present in old-old-stable (e.g. two releases prior to the
current stable release):

  https://tracker.debian.org/news/303771/accepted-razor-1285-1-source-amd64/

The best thing might be to actually update to the newest upstream
release, if there is indeed one newer than 2.85... and kind of ignore
that unfortunate problem...

... though there might be security issues that are not correctly tracked
that are fixed in the upstream 2.85, but not in the Debian packages
because of the version discrepancy; that might be worth confirming and
possibly notifying the security team.


All that said, not sure I have the energy to tackle this kind of tangled
problem at the moment...


live well,
  vagrant
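
Added example (not part of the original message or of the razor project's code): the tree comparison described in the quoted report, generalised to unpacked directories and any number of candidate upstream tags. It uses find and SHA-256 instead of the quoted git ls-tree / md5sum pipeline; the function names and the sample trees are constructed for illustration.

```shell
#!/usr/bin/env bash
set -eu

# Emit "<sha256>  ./path" per regular file under $1, skipping VCS and
# packaging metadata. NUL-delimited so paths with spaces survive.
tree_manifest() {
    ( cd "$1" && find . -type f -not -path './.git/*' -not -path './debian/*' \
        -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# One line per path that differs between trees $1 (a) and $2 (b).
tree_diff() {
    local a b
    a=$(mktemp); b=$(mktemp)
    tree_manifest "$1" > "$a"; tree_manifest "$2" > "$b"
    awk 'FILENAME == ARGV[1] { h[substr($0, 67)] = substr($0, 1, 64); next }
         { p = substr($0, 67)
           if (!(p in h)) { print "only-in-b " p; next }
           if (h[p] != substr($0, 1, 64)) print "changed " p
           delete h[p] }
         END { for (p in h) print "only-in-a " p }' "$a" "$b" | LC_ALL=C sort
    rm -f "$a" "$b"
}

# Print "<tree> <count>" for the candidate (args 2..n) closest to $1.
closest_tree() {
    local pkg=$1 best="" best_n=-1 n c
    shift
    for c in "$@"; do
        n=$(tree_diff "$pkg" "$c" | wc -l)
        if [ "$best_n" -lt 0 ] || [ "$n" -lt "$best_n" ]; then best=$c; best_n=$n; fi
    done
    printf '%s %d\n' "$best" "$best_n"
}

# Constructed sample trees (toy contents, not the real razor sources).
make_sample() {
    local d=$1
    mkdir -p "$d/pkg/bin" "$d/v2.84/bin" "$d/v2.85/bin"
    printf 'use lib qw(lib);\nprint "admin\\n";\n' | tee "$d/pkg/bin/razor-admin" > "$d/v2.84/bin/razor-admin"
    printf 'print "admin\\n";\n' > "$d/v2.85/bin/razor-admin"
    printf 'WriteMakefile(NAME=>"x");\n' | tee "$d/pkg/Makefile.PL" > "$d/v2.84/Makefile.PL"
    printf 'WriteMakefile( NAME => "x" );\n' > "$d/v2.85/Makefile.PL"
}

work=$(mktemp -d)
make_sample "$work"
closest_tree "$work/pkg" "$work/v2.84" "$work/v2.85"   # prints ".../v2.84 0"
rm -rf "$work"
```

A packaged tree whose closest match is a tag other than the one its version number claims is the discrepancy reported here; tree_diff then lists the files to inspect.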
