retitle -1 release.debian.org: binNMU for e2fsck-static to rebuild against latest dietlibc reassign -1 release.debian.org user release.debian....@packages.debian.org usertag -1 binnmu thanks
On Tue, Dec 27, 2016 at 12:16:52PM +0000, Ben Hutchings wrote: > On Wed, 2016-12-21 at 22:49 -0500, Theodore Ts'o wrote: > > I noticed you reopened this and marked this as still being a problem > > in e2fsprogs/1.42.12-2 (it actually _is_ fixed in e2fsprogs/1.43.3-1). > > Is it worth trying to fix this in Debian Stable? Especially given > > that existence of snapshots.debian.org, the sources for dietlibc will > > always be available one way or another --- and that might be good > > enough for GPL compliance. > > I think that snapshot.debian.org should be sufficient to keep Debian > itself in compliance, but not any downstream commercial distributors. > So all GPL sources should be available in the same suite, and Built- > Using provides the information that dak needs to ensure that. > > As it is, e2fsck-static in jessie has been built with dietlibc > 0.33~cvs20120325-6, but dietlibc has had a security update since then > so that version is no longer present. (That issue didn't affect > e2fsck-static so it hasn't been binNMU'd.) > > I think this could be resolved in stable simply by binNMU'ing e2fsck- > static for the architectures where it uses dietlibc. Agreed, that seems to be the best way to handle things. So that means we would need to do a binNMU for e2fsck-static/1.42.12-2 for the following architectures: alpha amd64 arm hppa i386 ia64 powerpc ppc64 s390 sparc I've reassigned this to the release team to see if the Stable Release Managers agree (which hopefully they will). Ted