Bug#889836: Embedded code copy of python-magic

Mathias Behrle mbehrle at debian.org
Tue Feb 20 16:40:30 UTC 2018 

* Gianfranco Costamagna: " Re: Embedded code copy of python-magic" (Tue, 20 Feb
  2018 15:14:46 +0100):

> control: tags -1 wontfix
> control: close -1
> 
> On Wed, 7 Feb 2018 18:42:51 +0100 Mathias Behrle <mbehrle at debian.org> wrote:
> > Package: sqlmap
> > Version: 1.2-1
> > Severity: normal
> > Usertags: embedded-code-copy
> > 
> > Dear maintainers,
> > 
> > your binary package embeds a code copy of the Python magic module. [1]
> > python-magic 2:0.4.15-1 providing a compatibility layer by Adam Hupp [2]
> > has now hit unstable. According to Debian Policy 4.13 you should now use
> > this package and remove the embedded code copy.
> >   
> 
> Hello, I reported this upstream [1], and I got a simple nack.
> Please try to cleanup and have a common implementation, convince upstream to
> use it, and then I'll import on the next release.
> I don't want to break sqlmap with your code version.
> 
> [1] https://github.com/sqlmapproject/sqlmap/pull/2933
> 
> G.
> 

Thanks for at least trying to push the change upstream.

I don't understand the meaning of

"
-> and now he is trying to force his own TRUE version for a simple wrapper.
Case closed
"

as there isn't anyone nowhere forcing to push anything.

Note: It is Adam Hupp, the author of the magic bindings that *sqlmap* *uses*,
who thankfully is implementing this change.

, but anyway I think you could still apply your really non-invasive patch in
Debian. If anything *should* break, it can be removed within seconds. But you
had tried to comply a little bit more with policy. FTR diff attached between
current magic in sqlmap vs. current magic [1].

Of course YMMV,
Mathias

[1] https://github.com/ahupp/python-magic/tree/libmagic-compat

-- 

    Mathias Behrle
    PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
    AC29 7E5C 46B9 D0B6 1C71  7681 D6D0 9BE4 8405 BBF6
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-patch
Size: 15913 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20180220/70b0100b/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 867 bytes
Desc: Digitale Signatur von OpenPGP
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20180220/70b0100b/attachment-0001.sig>

More information about the Pkg-security-team mailing list