Jamie,

Thanks for your review.

On Fri, Mar 08, 2013 at 10:43:51PM -0000, Jamie Strandboge wrote:
> Thanks for your patches! Unfortunately, I can't process them at this time due 
> to the following:
> - the oneiric debdiff does not use the format as prescribed by 
> https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
> - the precise debdiff does not use the format as prescribed by 
> https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
> - the quantal debdiff does not use the format as prescribed by 
> https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging
> - the oneiric debdiff patches debian/patches/debian-changes. This is a source 
> format v3 (quilt) package so the security updates should be in their own 
> patches. When redoing this patch, be sure to include DEP-3 comments (the 
> information that would have been in these is missing from debian/changelog)
> - the precise debdiff patches debian/patches/debian-changes. This is a source 
> format v3 (quilt) package so the security updates should be in their own 
> patches. When redoing this patch, be sure to include DEP-3 comments (the 
> information that would have been in these is missing from debian/changelog)
> - the quantal debdiff patches the files inline while it is a source format v3 
> (quilt) package. When redoing this patch, be sure to include DEP-3 comments 
> (the information that would have been in these is missing from 
> debian/changelog)

I'll address these concerns in a reupload.

> - the oneiric debdiff has the wrong version-- it should be 1.6.0-1ubuntu0.1 
> - the quantal debdiff does not use the correct version. It should be 
> 1.6.1-2ubuntu2.1
> - the precise debdiff has the wrong version-- it should have been 
> 1.6.1-1ubuntu0.2 with precise-proposed as 1.6.1-1ubuntu0.1, but 
> precise-proposed's version of 1.6.1-1+ubuntu0.1 was mistakenly accepted. 
> Unfortunately, if we are basing on the precise-proposed package, we have to 
> use 1.6.1-1+ubuntu0.2

I'll increment the precise version, but it wasn't mistakenly accepted,
see below:

In <https://bugs.launchpad.net/ubuntu/+source/openafs/+bug/356861/comments/1>, 
~broder wrote:
> Be careful choosing version numbers for this. The normal mechanism for
> an Ubuntu security version number will result in kernel modules with a
> lower version than the current modules. 


> - the precise debdiff is based on a package in precise-proposed. This should 
> be based on what is currently in -security or -updates (see 
> https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging)

I had previously gotten approval to base off of what is in -proposed. In
any case, -proposed will move to -updates on Monday.

> The Lucid package is patchless, so the inline patches are fine. The
> debdiff didn't have the correct debian/changelog formatting, but I
> adjusted it. It would have been nice to have commit URLs (ie, what would
> have been in the DEP-3 comments), but I've uploaded it after verifying the
> commits against upstream.
> 
> Unsubscribing ubuntu-security-sponsors for now. Please resubscribe after
> updating the oneiric-quantal debdiffs. Thanks!

Thanks,

Luke

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1145560

Title:
  OpenAFS Security Advisories 2013-001 and 2013-002
