Bug#882904: MariaDB 10.0.33 to next Jessie point release

2018-06-08 Thread Adam D. Barratt 
Control: tags -1 +moreinfo

On Mon, 2017-11-27 at 19:50 +, Adam D. Barratt wrote:
...
> On Mon, 2017-11-27 at 21:23 +0200, Otto Kekäläinen wrote:
...
> > I will prepare the final changelog when I have thumbs up from you
> > to
> > do so.
> 
> You appear to be stuck in a little bit of a chicken-and-egg
> situation,
> given that the final decision as to whether to accept the package
> will
> be based on a diff of the final source package.
> 
...
> We very much prefer diffs to form part of the bug log, not least
> because they're guaranteed to persist in that manner.
> 

That never happened, and 10.0.32 is stuck in oldstable-new because it
FTBFS on multiple architectures. Is 10.0.33 expected to fix all of
those issues?

Regards,

Adam

Bug#882904: MariaDB 10.0.33 to next Jessie point release

2017-11-27 Thread Adam D. Barratt 
user release.debian@packages.debian.org
usertags 882904 + pu
tags 882904 + jessie moreinfo
retitle 882904 pu: package mariadb/10.0.33
thanks

[If you're unable or unwilling to add the correct metadata yourself,
please at least use reportbug so that it does it for you.]

On Mon, 2017-11-27 at 21:23 +0200, Otto Kekäläinen wrote:
> I hereby request permission from the release team to upload
> mariadb-10.0 release 10.0.33-1 to the next Jessie point release.
> 
> This upload does not strictly qualify the criteria listed at
> https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upl
> oad-stable
> but the security team suggested this upstream micro release, which
> contains a few minor security fixes, would be a good fit for a stable
> point release instead of going in as an urgent security update.
> 
> Current changelog draft:
> 
> +mariadb-10.0 (10.0.33-0+deb8u1) jessie; urgency=medium
> +
> + * New upstream version 10.0.33. Includes fixes for the following
> + security vulnerabilities:
> + - CVE-2017-10378, MDEV-13819
> + - CVE-2017-10268
> + * Refresh patches on top of MariaDB 10.0.33
> +
> + -- Otto Kekäläinen  Tue, 21 Nov 2017 11:05:51
> +0100
> 
> 
> I will prepare the final changelog when I have thumbs up from you to
> do so.

You appear to be stuck in a little bit of a chicken-and-egg situation,
given that the final decision as to whether to accept the package will
be based on a diff of the final source package.

> Please also advise me on what is the correct revision string
> and release pocket string – my experience is mostly about security
> uploads, very seldom have I done point release stable updates.

The version number style for both security and stable updates are the
same, so 10.0.33-0+deb8u1. The suite name in the changelog ("pocket" is
an Ubuntuism, not used in Debian) should be "jessie".

> Here is debdiff for current git head;
> https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/debia
> n/?id2=debian/10.0.32-1=jessie
> 
> and diff off the whole package, including upstream sources:
> https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/?id2=
> debian/10.0.32-1=jessie

We very much prefer diffs to form part of the bug log, not least
because they're guaranteed to persist in that manner.

Regards,

Adam

Bug#882904: MariaDB 10.0.33 to next Jessie point release

2017-11-27 Thread Otto Kekäläinen 
Package: release.debian.org
Severity: normal


I hereby request permission from the release team to upload
mariadb-10.0 release 10.0.33-1 to the next Jessie point release.

This upload does not strictly qualify the criteria listed at
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable
but the security team suggested this upstream micro release, which
contains a few minor security fixes, would be a good fit for a stable
point release instead of going in as an urgent security update.

Current changelog draft:

+mariadb-10.0 (10.0.33-0+deb8u1) jessie; urgency=medium
+
+ * New upstream version 10.0.33. Includes fixes for the following
+ security vulnerabilities:
+ - CVE-2017-10378, MDEV-13819
+ - CVE-2017-10268
+ * Refresh patches on top of MariaDB 10.0.33
+
+ -- Otto Kekäläinen  Tue, 21 Nov 2017 11:05:51 +0100


I will prepare the final changelog when I have thumbs up from you to
do so. Please also advise me on what is the correct revision string
and release pocket string – my experience is mostly about security
uploads, very seldom have I done point release stable updates.


Here is debdiff for current git head;
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/debian/?id2=debian/10.0.32-1=jessie

and diff off the whole package, including upstream sources:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/diff/?id2=debian/10.0.32-1=jessie