Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
Hello Vincent, Thank you for the recommendation. I was going to propose a wheezy update at first, but I opted for wheezy-backports exactly because of devref 5.5.1: Extra care should be taken when uploading to stable. Basically, a package should only be uploaded to stable if one of the following happens: * a truly critical functionality problem * the package becomes uninstallable * a released architecture lacks the package The mentioned bug shows itself in at least some Xeon CPUs as far as I can tell, but only impacts encrypted BitTorrent transfers. The library remains perfectly usable for unencrypted tranfers. I also informed the current maintainer so that he may decide whether this is a truly critical functionality problem. In my humble opinion it's not. It may be average or important, not critical. Martino Dell'Ambrogio Security Auditor Web: http://www.tillo.ch/ Email: ti...@tillo.ch On 08/31/2014 12:57 AM, Vincent Cheng wrote: Hi Martino, On Fri, Aug 29, 2014 at 2:03 AM, Martino Dell'Ambrogio ti...@tillo.ch wrote: Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package libtorrent-rasterbar on wheezy-backports. This is a straightforward rebuild of the current testing package. The reason for wanting libtorrent-rasterbar 0.16.x (libtorrent-rasterbar7, python-libtorrent...) on the current stable is that it fixes a crash bug involving OpenSSL and encrypted transfers for any bittorrent client depending on the library. If your intent for providing this backport is to fix a bug in stable, I strongly recommend that you instead fix it in stable proper, i.e. prepare a minimal diff against the package in wheezy and file a wheezy proposed update request against the release.debian.org pseudo-package with reportbug (see devref 5.5.1 [1] for more details). Once the release team approves of the debdiff, you can then request a sponsor here as well (or contact the maintainers/uploaders to see if they'd be interested in fixing the bug in wheezy themselves). Regards, Vincent [1] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable smime.p7s Description: S/MIME Cryptographic Signature
Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
On Mon, Sep 1, 2014 at 12:53 AM, Martino Dell'Ambrogio ti...@tillo.ch wrote: Hello Vincent, Thank you for the recommendation. I was going to propose a wheezy update at first, but I opted for wheezy-backports exactly because of devref 5.5.1: Extra care should be taken when uploading to stable. Basically, a package should only be uploaded to stable if one of the following happens: * a truly critical functionality problem * the package becomes uninstallable * a released architecture lacks the package I consider devref 5.5.1 to exaggerate a bit when it comes to criteria for stable release updates (and not all stable release updates have strictly followed that criteria). I obviously can't speak on behalf of the release team since I'm not a member, but I invite you to file a wheezy-pu request anyways; the worst that can happen is that it's rejected. Ideally you want to provide a debdiff that's targeted (i.e. it fixes that bug, and nothing else), is as small as possible, and has minimal regression potential; that'll give you the best shot at getting your proposed update approved. The mentioned bug shows itself in at least some Xeon CPUs as far as I can tell, but only impacts encrypted BitTorrent transfers. The library remains perfectly usable for unencrypted tranfers. I also informed the current maintainer so that he may decide whether this is a truly critical functionality problem. In my humble opinion it's not. It may be average or important, not critical. Definitely, it's always a good idea to talk to the maintainer/uploaders prior to proposing a stable release update or a backport for a package that they maintain. Regards, Vincent -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
Hi Martino, On Fri, Aug 29, 2014 at 2:03 AM, Martino Dell'Ambrogio ti...@tillo.ch wrote: Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package libtorrent-rasterbar on wheezy-backports. This is a straightforward rebuild of the current testing package. The reason for wanting libtorrent-rasterbar 0.16.x (libtorrent-rasterbar7, python-libtorrent...) on the current stable is that it fixes a crash bug involving OpenSSL and encrypted transfers for any bittorrent client depending on the library. If your intent for providing this backport is to fix a bug in stable, I strongly recommend that you instead fix it in stable proper, i.e. prepare a minimal diff against the package in wheezy and file a wheezy proposed update request against the release.debian.org pseudo-package with reportbug (see devref 5.5.1 [1] for more details). Once the release team approves of the debdiff, you can then request a sponsor here as well (or contact the maintainers/uploaders to see if they'd be interested in fixing the bug in wheezy themselves). Regards, Vincent [1] https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#759665: RFS: libtorrent-rasterbar/0.16.17-1~bpo70+1 [NMU]
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package libtorrent-rasterbar on wheezy-backports. This is a straightforward rebuild of the current testing package. The reason for wanting libtorrent-rasterbar 0.16.x (libtorrent-rasterbar7, python-libtorrent...) on the current stable is that it fixes a crash bug involving OpenSSL and encrypted transfers for any bittorrent client depending on the library. For more information about the bug: https://bugs.launchpad.net/ubuntu/+source/deluge/+bug/1232311 * Package name: libtorrent-rasterbar * Version : 0.16.17-1~bpo70+1 * Upstream Author : Rasterbar Software cont...@rasterbar.com * URL : http://www.rasterbar.com/products/libtorrent/index.html * License : http://www.opensource.org/licenses/bsd-license.php * Section : libs It builds those binary packages: libtorrent-rasterbar-dbg - Debug symbols for libtorrent-rasterbar libtorrent-rasterbar-dev - Development files for libtorrent-rasterbar libtorrent-rasterbar-doc - Documentation for libtorrent-rasterbar libtorrent-rasterbar7 - C++ bittorrent library by Rasterbar Software python-libtorrent - Python bindings for libtorrent-rasterbar python-libtorrent-dbg - Python bindings for libtorrent-rasterbar (debug symbols) python3-libtorrent - Python bindings for libtorrent-rasterbar (Python 3) python3-libtorrent-dbg - Python bindings for libtorrent-rasterbar (debug symbols) (Python To access further information about this package, please visit the following URL: http://mentors.debian.net/package/libtorrent-rasterbar Alternatively, one can download the package with dget using this command: dget -x http://mentors.debian.net/debian/pool/main/libt/libtorrent-rasterbar/libtorrent-rasterbar_0.16.17-1~bpo70+1.dsc Thank you, tillo -- Martino Dell'Ambrogio Security Auditor Web: http://www.tillo.ch/ Email: ti...@tillo.ch smime.p7s Description: S/MIME Cryptographic Signature