[Pkg-ia32-libs-maintainers] ia32-libs update for lenny (2.7+lenny1)

Thijs Kinkhorst thijs at debian.org
Mon Jun 28 21:00:03 UTC 2010 

Hi Goswin,

On sneon 24 April 2010, Goswin von Brederlow wrote:
> Hi,
> 
> I've prepared an ia32-libs update for Lenny and uploaded it to
> mentors.debian.net [1]. The upload brings ia32-libs back in sync with
> the packages contained in stable and stable security. The only other
> change to the binaries is fixing a broken symlink so ia32-libs works on
> ia64 at all (#563402). Please upload this to security.debian.org.
> 
> As you can see below (see debian/changelog) there are quite a number of
> bugs and ~60 security issues fixed by this upload. The upload contains
> updates from the following packages:

Thanks for your work on this. I hope you can forgive us for the long shelf 
life of this issue, which stems from the combination of other priorities and 
the complex nature of this package.

I have reviewed it and am generally ok with it.

What definately jumps out at first is that the updated packages contain 
updates that normally have no place in a stable security update, like new 
upstream releases even. I understand where this comes from, namely that 
current stable already contains these changes and that the jump is necessary 
to bring them up to date. Given that the packages are in this form in stable I 
think this is acceptable. However, ideally it would be better in the future if 
this kind of jump would be minimised as far as possible. For squeeze, would it 
be possible to update ia32-libs very close to the end of the release cycle, so 
it would contain nearly all package versions as they are to be released? Also, 
having an ia32-libs update in the first point update after stable's release 
that rounds up the changes in the window between the last regular ia32-libs 
upload and the actual release of stable would be very desirable, to keep 
subsequent changes in ia32-libs in DSA context limited to actual security 
fixes. What do you think?

Besides from this thought the current updated packages look correct.

A number of them have had further updates since you prepared this package 
version. If you wish you can update them to include those fixes aswell, would 
be nice.

As for the changes to ia32-libs packaging, the following three changes are not 
acceptable in a stable-security upload:

  * Add misc depends for debhelper.
  * Add lots of lintian overrides where nothing can be done about them.
  * Bump debhelper compat to 5.

Perhaps they were made to address Lintian reports. It is not necessary (or 
even desirable) to do that kind of cleanup in a stable upload. Please revert 
those.


Cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-ia32-libs-maintainers/attachments/20100628/507c4068/attachment.pgp>

More information about the Pkg-ia32-libs-maintainers mailing list