Processed: Re: Bug#1051474: libreoffice: Please add embeded code copies to embeded-code-copies on security tracker debian.tar.xz/tarballs
Processing commands for cont...@bugs.debian.org:

> severity 1051474 important
Bug #1051474 [src:libreoffice] libreoffice: Please add embeded code copies to embeded-code-copies on security tracker debian.tar.xz/tarballs
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
1051474: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051474
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1051474: libreoffice: Please add embeded code copies to embeded-code-copies on security tracker debian.tar.xz/tarballs
severity 1051474 important
thanks

Hi,

On 08.09.23 at 19:19, Bastien Roucariès wrote:
> Source: libreoffice
> Severity: serious
> Tags: security
> Justification: Document embedded code copy + copyright
> X-Debbugs-Cc: Debian Security Team

Since when is that serious? It isn't.

There have been no complaints from anyone in the security team in any of the last security updates? (None of which affected any of the internal copies used.)

The policy says "should". And it is followed. Most stuff isn't used as internal code copies, only the unavoidable ones are. And TTBOMK the security team DOES know it.

> Could you document that you embedded a few tarballs under the security tracker?

You mean I should send MRs to it?

> Moreover you do not document where you downloaded these files; a comment under copyright will be helpful (README.source says how to retrieve it, not the link to get).

The fetch it manually and put it there. (Which normally would be done from upstream's build system for ALL tarballs, even those not used..)

(It basically always is https://dev-www.libreoffice.org/src/ (which mirrors stuff they got from the website):

Makefile:
        $(call fetch_Download_item_unchecked,https://download.documentfoundation.org/libreoffice/src/$(shell echo $(gb_LO_VER) | sed -e "s/\([0-9]*\.[0-9]*\.[0-9]*\).*/\1/"),libreoffice-$(i)-$(gb_LO_VER).tar.xz))

Regards,

Rene
Bug#1051474: libreoffice: Please add embeded code copies to embeded-code-copies on security tracker debian.tar.xz/tarballs
Source: libreoffice
Severity: serious
Tags: security
Justification: Document embedded code copy + copyright
X-Debbugs-Cc: Debian Security Team

Dear Maintainer,

Could you document that you embedded a few tarballs under the security tracker?

For oldstable/stable/unstable Version should be documented.

Moreover you do not document where you downloaded these files; a comment under copyright will be helpful (README.source says how to retrieve it, not the link to get).

Thanks

Bastien

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (900, 'testing-debug'), (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armel

Kernel: Linux 6.4.0-3-rt-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled