Hello! 2015-06-15 21:49 GMT+03:00 Adam D. Barratt <a...@adam-barratt.org.uk>: > On Sun, 2015-06-14 at 01:55 +0300, Otto Kekäläinen wrote: > [...] >> 2015-06-14 1:37 GMT+03:00 Adam D. Barratt <a...@adam-barratt.org.uk>: >> > On Sun, 2015-06-14 at 01:09 +0300, Otto Kekäläinen wrote: >> >> I hereby request permission to upload some critical and minor fixes in >> >> the packaging along a security release of MariaDB 10.0. >> > >> > Why is this on private aliases, rather than e.g. debian-release? (Or >> > even better a p-u bug.) >> >> Sorry, I was asked to write to the release team and based on how the >> address looks like I assumed it was the address of the release team. I >> didn't know that there was another more preferred address. > > Well, the first hit on a well known search engine for "debian release > team contact" is https://wiki.debian.org/Teams/ReleaseTeam , which
OK, using that address now. [..] >> http://labs.seravo.fi/~otto/mariadb-repo/logs/10.0.19-0deb8u1.diff > > I've attached a copy of that diff, so that we can be sure that we're all > looking at the same thing, even in six months time. It only contains > changes to debian/*. I haven't checked, but I'm taking it as read that > those are the only changes on which our opinion was requested. > > As a side note, I'm not entirely clear why the changelog entries for > 10.0.17 and 10.0.18 have been dropped in favour of things such as This changelog lives in a jessie branch and the changelog there contains only the changes that have been done for jessie. Therefore there are no separate .17 or .18 entries as the first upload to jessie after .16 will (hopefully) be 10.0.19. >From a security point of view it is important to track which CVE's and fixed and where, to therefore I still list in the changelog entry each CVE that is fixed so that it is explicit which all issues will be fixed along with this upload. [..] > + * Import of 10.0.17 included updated lines to the > mariadb-server-10.0.postinst > + github.com/MariaDB/server/commit/dc94bd09b875b7aac106761f1a398c1c6de036f9 > > "Something changed, see this external resource" is not a useful > changelog entry. It should say what changed, and why. (Having looked at > the commit I'm okay with the change, but not with the documentation of > it.) Ok, I've now updated it to be more verbose. > + * Removed /var/log/mysql.log from logrotate. Everything should be inside > + the mysql directory (/var/log/mysql/) and not directly on plain /var/log > > Should be, or is? Installing mariadb-server-10.0 10.0.16-1 on a jessie Should be, and from now on is. Updated the changelog line to be a bit clearer on this. > + * d/control: Related to innochecksum manpage move, also break/replace > + the mysql-client-5.5/6 packages (Closes: #779873) > [...] > + * Move innochecksum back to mariadb-server-core-10.0 to align with other > + variants (LP: #1421520). > > I'm assuming that it's not intended for the maria server packages to be > co-installable with a mysql client package? Yes, they are not co-installable as they contain files with the same names and paths. From now on we have coordinated which files go into which packages across all variants in both Ubuntu and Debian, so users should not run into any install/upgrade dpkg conflicts anymore. > > + * New release confirmed to build with GCC-5 (Closes: #777996) > > Irrelevant, as already discussed, but assuming there weren't any > Debian-specific changes involved in fixing this then meh. I removed this line, it is not relevant anymore since 10.0.17 and forwards has later on been uploaded to unstable and the bug is closed. > + * Security: improved hardening flags (hardening=+all,-pie) > > I'd prefer to defer to the Security Team on this one, as to whether > they'd generally accept it in packages they were releasing. Lintian complained that hardening-wrapper is deprecated so it had to be replaced with this. > + * Updated Swedish translation by Martin Bagge > + and Anders Jonsson (Closes: #781684) > [...] > + * Updated copyright file based on Lintian feedback > > Documentation changes. I've not checked the correctness of either, but > in theory, sure. OK > + * Adding mysqld_multi.server_lsb-header.patch, provides LSB headers for > + example initscript (Closes: #778762) > + * Adding mysqld_multi_confd.patch, makes mysqld_multi reading conf.d > + (Closes: #778761) > > This seems a little featureish. The only packages shipping files in the > conf.d folder appear to be MySQL variants, so I guess this isn't too > bad. Very few people run multiple different mysqld daemons on the same system, and this thing must have been broken for a long time. Here somebody scratched their own itch and fixed the buggy scripts inherited from older packaging. These have been well reviewed and deemed safe changes. It would be a shame not to release these fixes. There are very few contributors in the MySQL packaging team and we should value the work of new people who show up and provide ready-made patches. Updated changelog visible via https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/commit/?id=c7a3eae1d742a64250bc8a8ae35cc483af3714a7 Please tell me if there something else you wish me to do. - Otto -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/cahj_tlcryutbgmveqjn7oaqyb05fc-_fyck7atbz2zffyyg...@mail.gmail.com
