Re: [Jailkit-dev] Little issue about jailkit in Debian (urgent)
From: Olivier Sessink
Subject: Re: [Jailkit-dev] Little issue about jailkit in Debian (urgent)
Date: Thu, 15 Jul 2021 19:49:08 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

That website makes the requirements clear:
----------------
In most cases, it's not appropriate to upload a new upstream release at
this point. New upstream releases usually contain unrelated changes,
which might be inappropriate or make review much more difficult.
Uploading a new upstream release is only appropriate when the resulting
debdiff doesn't contain changes that wouldn't be in the debdiff of a
targeted change. When in doubt, ask for pre-approval before uploading a
new upstream release.
Some examples of changes that are undesirable during a freeze:
bumping the debhelper compat level
switching to a different packaging helper
adding or dropping a systemd unit or an init script
adding, removing or renaming binary packages
adding or removing support for a language (version)
moving files between binary packages
changing relations (depends, conflicts, ...) between packages
changes that affect other packages
dropping a -dbg package in favour of -dbgsym
rearranging code, 'cleanups', etc
----------------
All of these are not the case. There are two security-related bug fixes
and a version bump. That is all the difference between 2.21 and 2.22. So
I would say that it meets the requirements.
Olivier
On 15-07-2021 17:15, Eriberto wrote:
> Hi Olivier,
>
> Thanks a lot for your quick reply.
>
> On Thu, 15 Jul 2021 at 05:09, Olivier Sessink
> <olivier@bluefish.openoffice.nl> wrote:
>>
>> Hi Eriberto,
>>
>> Yes, it is secure to change only those two lines.
>>
>> However, the only other change in 2.22 is in jk_lsh.c
>> https://cvs.savannah.nongnu.org/viewvc/jailkit/jailkit/src/jk_lsh.c?r1=1.36&r2=1.37&sortby=log
>> which is also a (minor) security update (it improves security logging).
>>
>> I don't know what the policy for a frozen Debian is, but 2.22 is
>> functionally identical to 2.21 with only security improvements. So isn't
>> it safer to use 2.22? There is no chance there could be any
>> incompatibility between 2.21 and 2.22 because there are no changes
>> besides security.
>>
>> Olivier
>
> The frozen policy[1] doesn't allow uploading new upstream (mainstream)
> releases at this time. Consequently, today, I will re-upload 2.21 with
> a patch to fix jk_update.
>
> [1] https://release.debian.org/bullseye/freeze_policy.html
>
> Cheers,
>
> Eriberto
>
--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/