Your message dated Mon, 05 Sep 2022 09:50:41 +0000 with message-id <e1ov8kb-008qsr...@fasolo.debian.org> and subject line Bug#1018043: fixed in zutils 1.12~pre2-2 has caused the Debian Bug report #1018043, regarding zutils: statically linked to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1018043: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018043 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: zutils Version: 1.11-5, 1.12~pre2-1 Severity: serious Justification: Policy 10.1 Hi! This package has a massive size, as it's pointlessly statically built. Not only this violates a "must" requirement of the Policy, it also does so for no benefit at all: in the case libraries it's linked with would be subverted/corrupted, both the compressor and the actual tool invoked won't be able to run anyway. On the other hand, any security hole in any library the program links with potentially requires a recompile. Even glibc itself receives several CVEs per year; they are in functions you almost surely don't use but the binary doesn't provide this information anymore -- requiring the Security Team to analyze what is going on. That's why the Policy hates this seemingly minor issue so much. Meow! -- System Information: Debian Release: bookworm/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (120, 'experimental'), (1, 'experimental-debug') merged-usr: no Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.19.3-00017-g519775569157 (SMP w/64 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages zutils depends on: ii libc6 2.35-0experimental1 ii libgcc-s1 12.2.0-1 ii libstdc++6 12.2.0-1 Versions of packages zutils recommends: ii bzip2 1.0.8-5 ii lzip 1.23-4 ii xz-utils 5.2.5-2.1 ii zstd 1.5.2+dfsg-1 zutils suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: zutils Source-Version: 1.12~pre2-2 Done: Daniel Baumann <daniel.baum...@progress-linux.org> We believe that the bug you reported is fixed in the latest version of zutils, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1018...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Baumann <daniel.baum...@progress-linux.org> (supplier of updated zutils package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 05 Sep 2022 11:23:09 +0200 Source: zutils Architecture: source Version: 1.12~pre2-2 Distribution: sid Urgency: medium Maintainer: Daniel Baumann <daniel.baum...@progress-linux.org> Changed-By: Daniel Baumann <daniel.baum...@progress-linux.org> Closes: 1018043 Changes: zutils (1.12~pre2-2) sid; urgency=medium . * Uploading to sid. * Building zutils dynamically as static-workaround is not necessary anymore (Closes: #1018043). Checksums-Sha1: bc70b39680971e9da7278a27c87f9c3629656b12 1931 zutils_1.12~pre2-2.dsc 7d78f4cbc4890f732b06f95150908341a9acb2f5 7096 zutils_1.12~pre2-2.debian.tar.xz cb2a5a4b87af8d5363f09fa7fa4cc0afef9f2f99 6593 zutils_1.12~pre2-2_amd64.buildinfo Checksums-Sha256: 7a9ebbaf4043568274471a8f2849737351d877d1fdaa9ca1b9c549dae6c8f189 1931 zutils_1.12~pre2-2.dsc b079f6194d4acc502bf7f45d95a3c39b5e1fe1734e70e529284e6f97fa65439d 7096 zutils_1.12~pre2-2.debian.tar.xz 22fe8737a518707524b64aba6139d72eb815bc268f172f2198417dd920433b8d 6593 zutils_1.12~pre2-2_amd64.buildinfo Files: 2e4ec49dd0513e22c558ced412ed7564 1931 utils optional zutils_1.12~pre2-2.dsc 7f660410dd7ab77a40327788356a84c2 7096 utils optional zutils_1.12~pre2-2.debian.tar.xz 162e3a46746d77bbdf22555c3ffc8d69 6593 utils optional zutils_1.12~pre2-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgTbtJcfWfpLHSkKSVc8b+YaruccFAmMVwHUACgkQVc8b+Yar ucddsw//eyUe/55D3FF5LhgD5+/IZG7qn05jKmZfPrtQ7cBOfSE9w/FbuPkK47VQ CIYs5wVHw+LPGeOx2CWsoxIQ0pbnRwWYcngHXMXXUFalLEOV7Ozj6PZ9fFLkSh6T gfVaa96PZECGrvYLjbjnxTda1b5RT9XQ/fmUJHEKQUFfeS2/OxNdw6+ZVcufZk+1 7X4n0tiyC0iCUz2ws1t3Pxo1VyonnEa8QZcaWITE1ztGg556NxWxHul1sk94AmxX d7XmWi6yVkNWymeMO8st6hwjbI20jG+IBLW5M7dEUCGuZc8nMNwgXCGxMbHD15wF BOxlH7YnFYnMQgwZSWHqvmL/ga95ydBdiLnU1kAtwDkXO6vHolxJ1gVtqaFNMUZm ywzocxIdmZqaOfelLosLRiwLHYob0X+oNNi1knmCksQhTe4GSZblP3CeLIA6fs5r KzBFW6+m0ePi125DgHZzQppcnx/ecV///cuWwqjJLu/qZ3OuR6yVaf/1bYkVfRP0 hK4w4duSvIcWwfftmk9pYpY/bVwhmOeGAyh9/HIGSnIQwDhBJLpEWukZXvK/Bc7r 8Hz3kOeVLNhoEjBNsFTaedjy1+WGVNiX0BzoYGwrQhFnDqKeebz0Oak2Ee9KmZO3 eEFAZi6rYxvGduZFdfqgsP6K8FV30EWmf94MeEAiI5XG8pZxUU0= =tIcZ -----END PGP SIGNATURE-----
--- End Message ---
