Package: release.debian.org Severity: normal User: [email protected] Usertags: unblock
Please unblock package fossil [ Reason ] Marked for autoremoval due to #985124. The issue was fixed upstream. Given the nature of the package, I think tracking their release candidate is better than cherry-picking the change that appears directly related to this issue. They made a number of other safety-related fixes to ensure robustness and security in the face of old or compiled-with-wrong-options versions of SQLITE3. And nothing that looks scary. [ Impact ] Will allow fossil to be in the release. [ Tests ] There is a comprehensive test suite, which can be run automatically. It is disabled in debian/rules because the makefile says it needs to be run in a fossil repo that will be discarded after the test because the tests can corrupt it. Well, it used to say this: the comment is gone, so maybe it's okay now. But in any case, the system passes all tests right now. [ Risks ] This is a leaf package. It ticks various boxes for security sensitivity, sort of the union of the security sensitivity of git and a web server and a wiki. Upstream is extremely responsive and careful. I think the best option is to follow upstream's recommendation, which is to track their releases. [ Checklist ] [X] all changes are documented in the d/changelog [X] I reviewed all changes and I approve them [ ] attach debdiff against the package in testing I'm attaching the debdiff, but it's large. Due mainly to changes in the enclosed sqlite3 (unused unless the debian version is too old or otherwise unsuitable), and tweaks to static material in the integrated wiki. unblock fossil/1:2.15~rc2-1 <#part type="application/octet-stream" filename="~/tmp/ddiff2" disposition=attachment> <#/part>
