Re: [Jailkit-dev] Little issue about jailkit in Debian (urgent)

From: Olivier Sessink
Subject: Re: [Jailkit-dev] Little issue about jailkit in Debian (urgent)
Date: Thu, 15 Jul 2021 19:49:08 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

That website makes the requirements clear:

In most cases, it's not appropriate to upload a new upstream release at
this point. New upstream release usually contain unrelated changes,
which might be inappropriate or make review much more difficult.
Uploading a new upstream release is only appropriate when the resulting
debdiff doesn't contain changes that wouldn't be in the debdiff of a
targeted change. When in doubt, ask for pre-approval before uploading a
new upstream release.

Some examples of changes that are undesirable during a freeze:

    bumping the debhelper compat level
    switching to a different packaging helper
    adding or dropping a systemd unit or an init script
    adding, removing or renaming binary packages
    adding or removing support for a language (version)
    moving files between binary packages
    changing relations (depends, conflicts, ...) between packages
    changes that affect other packages
    dropping a -dbg package in favour of -dbgsym
    rearranging code, 'cleanups', etc

All of these are not the case. There are two security-related bug fixes
and a version bump. That is all the difference between 2.21 and 2.22. So
I would say that it meets the requirements.


On 15-07-2021 17:15, Eriberto wrote:
> Hi Olivier,
> Thanks a lot for your quick reply.
> On Thu, 15 Jul 2021 at 05:09, Olivier Sessink
> <olivier@bluefish.openoffice.nl> wrote:
>> Hi Eriberto,
>> yes it is secure to change only those two lines.
>> however, the only other change in 2.22 is in jk_lsh.c
>> https://cvs.savannah.nongnu.org/viewvc/jailkit/jailkit/src/jk_lsh.c?r1=1.36&r2=1.37&sortby=log
>> which is also a (minor) security update (it improves security logging).
>> I don't know what the policy for a frozen Debian is, but 2.22 is
>> functionally identical to 2.21 with only security improvements. So isn't
>> it safer to use 2.22? There is no chance there could be any
>> incompatibility between 2.21 and 2.22 because there are no changes
>> besides security.
>> Olivier
> The frozen policy[1] doesn't allow uploading new upstream (mainstream)
> releases at this time. Consequently, today, I will re-upload 2.21 with
> a patch to fix jk_update.
> [1] https://release.debian.org/bullseye/freeze_policy.html
> Cheers,
> Eriberto

Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/
