Re: cgiirc Hijacking
Joe Smith [EMAIL PROTECTED] wrote: As I understand it, there is no good reason to have s.d.o in my sources list, as the packages in there are for sarge, and may not be compatible with the current sid ABI. This is nonsense. If this should really be the way you understand it, please ask yourself why a package's version on s.d.o which overrides a version in unstable (i.e. the version on s.d.o is bigger than the version in unstable) should ever have a less compatible ABI than the (smaller) version in unstable. regards Mario -- It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories instead of theories to suit facts. -- Sherlock Holmes by Arthur Conan Doyle -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: cgiirc Hijacking
On Wed, Jun 21, 2006 at 08:07:28AM +0200, Mario 'BitKoenig' Holbe wrote: Joe Smith [EMAIL PROTECTED] wrote: As I understand it, there is no good reason to have s.d.o in my sources list, as the packages in there are for sarge, and may not be compatible with the current sid ABI. This is nonsense. If this should really be the way you understand it, please ask yourself why a package's version on s.d.o which overrides a version in unstable (i.e. the version on s.d.o is bigger than the version in unstable) should ever have a less compatible ABI than the (smaller) version in unstable. You should not mix suites (releases) in your sources.list generally, espcially not stable with testing/unstable. Security.d.o for stable might have packages that are no longer present in testing/unstable, which would make it undesirable to install the security.d.o versions, also, if there's something really worthwhile in security.d.o for stable, that should also be made available in appropriate form for testing/unstable. It's the job of the maintainer(s) to oversee this, and ensure that it happens. There is no reason a user should (need to) add stable security for his/her unstable machine. Elsewhere in this thread there's already discussion about the technical details why it didn't happen yet in this case and how it should happen, I'm not repeating that discussion here. --Jeroen -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: cgiirc Hijacking
* Mario Holbe: We did. 0.5.4-6sarge1 was on s.d.o as soon as possible. Since there were no newer version in unstable, the version on s.d.o should have had automatically override even the unstable version. Of course, if you don't source in s.d.o, you don't get security updates :) In this case, the security update should have been propagated to testing and unstable automatically. For a few months, dak behaved that way. I don't know what has changed. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: cgiirc Hijacking
Hi Florian, On Wed, Jun 21, 2006 at 07:34:49PM +0200, Florian Weimer [EMAIL PROTECTED] wrote: * Mario Holbe: We did. 0.5.4-6sarge1 was on s.d.o as soon as possible. Since there were no newer version in unstable, the version on s.d.o should have had automatically override even the unstable version. Of course, if you don't source in s.d.o, you don't get security updates :) In this case, the security update should have been propagated to testing and unstable automatically. For a few months, dak behaved that way. I don't know what has changed. For proposed-updates is a new queue-handling in place [1]. This means that all packages which get uploaded to security.debian.org get into this new proposed-update queue, before they get accepted into the real proposed-update queue. For dak packages in the new proposed-update queue are just as _not being uploaded at all_ before they are accepted by the stable release team members. cgiirc was a special case as version in sid and version in sarge were the same. Packages from security.d.o still get synced to ftpmaster.d.o, but into the new proposed-queue, which needs interaction by the stable release managers. We are aware of this, and it should be solved (hopefully) by the next dinstall run. Greetings Martin [1] http://lists.debian.org/debian-devel-announce/2006/06/msg7.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: cgiirc Hijacking
On Mon, Jun 19, 2006 at 07:02:50PM -0300, Damián Viano wrote: Hi, I've seen cgiirc[1] in a bad state for some time now, I tried to contact the maintainer (Mario Holbe) more than a month ago, offering my help and my work[2]. No answer so far. Mario and I were busy. And I was trying to update the packaging. Our sponsor is on vacation, we planned to upload when he will return. This is a sponsored uploaded package that only had 1 upload, and had a DSA[3] issued which is still not fixed outside of sarge. [...] We made that DSA happen. And we were told more than once, that the sarge fix would propagate to unstable und ultimately testing. This did not happen. Not our fault. It has been removed from testing and it would be a shame to ship without it, since it's just a maintenance problem. packages.debian.org/cgiirc has it in testing. [...] I currently have a developer willing to sponsor my work on this package, we'll be uploading tonight after the daily dak run if there is no further news on/from Mario. The urgency is mostly for the security bug. Mario and I are happy, that you're now maintaining this package. It frees us for other open source work we have to care for and our real life. As I still have some stuff for cgiirc packaging in my local trees (partly by Paul Wise), I will file bugs with patches, so you can consider including them. Elrond -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: cgiirc Hijacking
On 6/20/06, Elrond [EMAIL PROTECTED] wrote: On Mon, Jun 19, 2006 at 07:02:50PM -0300, Damián Viano wrote: I've seen cgiirc[1] in a bad state for some time now, I tried to contact the maintainer (Mario Holbe) more than a month ago, offering my help and my work[2]. No answer so far. Mario and I were busy. And I was trying to update the packaging. Our sponsor is on vacation, we planned to upload when he will return. In cases where a security bug is being fixed, you usually try to upload the package as soon as possible. If your sponsor is on vacation, you should find another sponsor. If you have trouble preparing the package, then ask for help... But not let the bug sit unfixed for more than a month. This is a sponsored uploaded package that only had 1 upload, and had a DSA[3] issued which is still not fixed outside of sarge. We made that DSA happen. And we were told more than once, that the sarge fix would propagate to unstable und ultimately testing. This did not happen. Not our fault. Who told you that the sarge fix would propagate? Packages don't *propagate* from stable. If you want a package that was uploaded to stable to go to unstable, an upload is needed. You should have asked for a sponsor. Elrond This is my personal opinion, but I know that other people share it: it would be really nice if you could use your real name in what regards to Debian communication. Nicknames are accepted on IRC, but when dealing with packages, bugs, and similiar stuff, we all stick to our real names. -- Besos, Marga
Re: cgiirc Hijacking
On Tue, Jun 20, 2006 at 01:18:11PM -0300, Margarita Manterola wrote: In cases where a security bug is being fixed, you usually try to upload the package as soon as possible. If your sponsor is on We did. 0.5.4-6sarge1 was on s.d.o as soon as possible. Since there were no newer version in unstable, the version on s.d.o should have had automatically override even the unstable version. Of course, if you don't source in s.d.o, you don't get security updates :) preparing the package, then ask for help... But not let the bug sit unfixed for more than a month. We didnt. Mario -- There is nothing more deceptive than an obvious fact. -- Sherlock Holmes by Arthur Conan Doyle signature.asc Description: Digital signature
Re: cgiirc Hijacking
Mario 'BitKoenig' Holbe [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Tue, Jun 20, 2006 at 01:18:11PM -0300, Margarita Manterola wrote: In cases where a security bug is being fixed, you usually try to upload the package as soon as possible. If your sponsor is on We did. 0.5.4-6sarge1 was on s.d.o as soon as possible. Since there were no newer version in unstable, the version on s.d.o should have had automatically override even the unstable version. Of course, if you don't source in s.d.o, you don't get security updates :) I run unstable and do not have s.d.o As I understand it, there is no good reason to have s.d.o in my sources list, as the packages in there are for sarge, and may not be compatible with the current sid ABI. Besides, s.d.o is already a highly stressed server. (AFAIK) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: cgiirc Hijacking
On Tue, 2006-06-20 at 13:18 -0300, Margarita Manterola wrote: Who told you that the sarge fix would propagate? Packages don't *propagate* from stable. If you want a package that was uploaded to stable to go to unstable, an upload is needed. You should have asked for a sponsor. Well, at least this used to work in the past. If the version in stable was greater than that in unstable or testing, that version would also propagate there. This is not only convenient for security updates to packages with the same version in stable as in unstable, but also makes sure the condition stable = testing = unstable remains valid. Appearently this didn't happen here, but as far as I understand it, that's a bug. Thijs signature.asc Description: This is a digitally signed message part
Re: cgiirc Hijacking
On Tue, Jun 20, 2006 at 01:18:11PM -0300, Margarita Manterola wrote: This is a sponsored uploaded package that only had 1 upload, and had a DSA[3] issued which is still not fixed outside of sarge. We made that DSA happen. And we were told more than once, that the sarge fix would propagate to unstable und ultimately testing. This did not happen. Not our fault. Who told you that the sarge fix would propagate? Packages don't *propagate* from stable. Yes, they most certainly do... when the proposed-updates queue is fully operational, which it has not been since the last point release of sarge. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Re: cgiirc Hijacking
On Tue, Jun 20, 2006 at 10:45:27PM +0200, Thijs Kinkhorst wrote: On Tue, 2006-06-20 at 13:18 -0300, Margarita Manterola wrote: Who told you that the sarge fix would propagate? Packages don't *propagate* from stable. If you want a package that was uploaded to stable to go to unstable, an upload is needed. You should have asked for a sponsor. Well, at least this used to work in the past. If the version in stable was greater than that in unstable or testing, that version would also propagate there. This is not only convenient for security updates to packages with the same version in stable as in unstable, but also makes sure the condition stable = testing = unstable remains valid. Appearently this didn't happen here, but as far as I understand it, that's a bug. The package isn't in sarge/stable on ftp-master/all mirrors, only on security.d.o, that's why. Not a bug, but a 'feature' -- the package hasn't been approved yet for stable[1], so neither propagated to testing/unstable. --Jeroen [1] Due to infractructure not being ready yet, mostly -- Jeroen van Wolffelaar [EMAIL PROTECTED] (also for Jabber MSN; ICQ: 33944357) http://Jeroen.A-Eskwadraat.nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
cgiirc Hijacking
Hi, I've seen cgiirc[1] in a bad state for some time now, I tried to contact the maintainer (Mario Holbe) more than a month ago, offering my help and my work[2]. No answer so far. This is a sponsored uploaded package that only had 1 upload, and had a DSA[3] issued which is still not fixed outside of sarge. Several upstream versions have passed unnoticed. It has been removed from testing and it would be a shame to ship without it, since it's just a maintenance problem. I currently use[4] and maintain[5] this package and think that if for whatever reason the actual maintainer can't keep it in good shape my work could very well be useful for many other debian users. Therefore my intention to hijack this package. I currently have a developer willing to sponsor my work on this package, we'll be uploading tonight after the daily dak run if there is no further news on/from Mario. The urgency is mostly for the security bug. Damián Viano(Des). [1] http://packages.qa.debian.org/cgiirc [2] http://damianv.com.ar/debian/cgiirc [3] http://www.debian.org/security/2006/dsa-1052 [4] http://irc.lug.fi.uba.ar/ [5] http://damianv.com.ar/cgi-bin/packages.cgi signature.asc Description: Digital signature