Control: tags -1 + moreinfo On 2021-03-22 16:37:43 +0000, Barak A. Pearlmutter wrote: > Package: release.debian.org > Severity: normal > User: release.debian....@packages.debian.org > Usertags: unblock > > Please unblock package fossil > > [ Reason ] > > Marked for autoremoval due to #985124. > > The issue was fixed upstream. Given the nature of the package, I think > tracking their release candidate is better than cherry-picking the > change that appears directly related to this issue. They made a number > of other safety-related fixes to ensure robustness and security in the > face of old or compiled-with-wrong-options versions of SQLITE3. And > nothing that looks scary. > > [ Impact ] > > Will allow fossil to be in the release. > > [ Tests ] > > There is a comprehensive test suite, which can be run automatically. > It is disabled in debian/rules because the makefile says it needs to > be run in a fossil repo that will be discarded after the test because > the tests can corrupt it. Well, it used to say this: the comment is > gone, so maybe it's okay now. But in any case, the system passes all > tests right now. > > [ Risks ] > > This is a leaf package. > > It ticks various boxes for security sensitivity, sort of the union of > the security sensitivity of git and a web server and a wiki. Upstream > is extremely responsive and careful. I think the best option is to > follow upstream's recommendation, which is to track their releases. > > [ Checklist ] > [X] all changes are documented in the d/changelog > [X] I reviewed all changes and I approve them > [ ] attach debdiff against the package in testing > > I'm attaching the debdiff, but it's large. Due mainly to changes in > the enclosed sqlite3 (unused unless the debian version is too old or > otherwise unsuitable), and tweaks to static material in the integrated > wiki.
212 files changed, 12355 insertions(+), 12425 deletions(-) We cannot review that in any reasonable way. Please provide a filtered debdiff. Cheers > > unblock fossil/1:2.15~rc2-1 > <#part type="application/octet-stream" filename="~/tmp/ddiff2" > disposition=attachment> > <#/part> > -- Sebastian Ramacher
signature.asc
Description: PGP signature
