retitle -1 release.debian.org: binNMU for e2fsck-static to rebuild against
latest dietlibc
reassign -1 release.debian.org
user release.debian....@packages.debian.org
usertag -1 binnmu
thanks
On Tue, Dec 27, 2016 at 12:16:52PM +0000, Ben Hutchings wrote:
> On Wed, 2016-12-21 at 22:49 -0500, Theodore Ts'o wrote:
> > I noticed you reopened this and marked this as still being a problem
> > in e2fsprogs/1.42.12-2 (it actually _is_ fixed in e2fsprogs/1.43.3-1).
> > Is it worth trying to fix this in Debian Stable? Especially given
> > that existence of snapshots.debian.org, the sources for dietlibc will
> > always be available one way or another --- and that might be good
> > enough for GPL compliance.
>
> I think that snapshot.debian.org should be sufficient to keep Debian
> itself in compliance, but not any downstream commercial distributors.
> So all GPL sources should be available in the same suite, and Built-
> Using provides the information that dak needs to ensure that.
>
> As it is, e2fsck-static in jessie has been built with dietlibc
> 0.33~cvs20120325-6, but dietlibc has had a security update since then
> so that version is no longer present. (That issue didn't affect
> e2fsck-static so it hasn't been binNMU'd.)
>
> I think this could be resolved in stable simply by binNMU'ing e2fsck-
> static for the architectures where it uses dietlibc.
Agreed, that seems to be the best way to handle things. So that means
we would need to do a binNMU for e2fsck-static/1.42.12-2 for the
following architectures:
alpha amd64 arm hppa i386 ia64 powerpc ppc64 s390 sparc
I've reassigned this to the release team to see if the Stable Release
Managers agree (which hopefully they will).
Ted
