On 2019-01-30 13:39, Dirk Eddelbuettel wrote:
On 30 January 2019 at 13:11, Adam D. Barratt wrote:
| On 2019-01-29 11:53, Dirk Eddelbuettel wrote:
...
| > Happy to upload once you give a green light. (System information
| > remove as I
| > type this on Ubuntu 18.10 ...)
|
| Apparently it was already uploaded.
|
| patches/updated-upstream-changes | 2699
| +++++++++++++++++++++++++++++++++++++++
To unstable, yes - as 1.2.9000-1.
and to stable - the diffstat above is from our automated tooling
noticing the upload appearing in stable-new.
But Moritz asked me to also upload to
stretch. See https://packages.debian.org/search?keywords=r-cran-readxl
I see. For reference, when a member of the Security Team says that, they
usually mean "talk to the Release Team about uploading".
| Aside from being big enough to be non-trivial to review, the filename
of
| that patch isn't ideal. If there are other upstream changes that need
| incorporating in future, are you simply planning on appending to that
| patch, rather than having separate patches for specific purposes?
This is Debian packaging of the CRAN package readxl. It's current
upstream
version is in better shape.
I "have to" run this fix as CVE had been issued. As Moritz (now CCed)
suggested that this doesn't need a full blown security upload (no DOS
here,
just plain segfaults in R when libxls loaded) we went this route.
That explains the size, but the filename still isn't ideal. That isn't
reject-worthy in and of itself, it just has the potential to be more
annoying to review if there's an additional update for the package in
future. Let's see if any other issues pop up when someone finds
sufficient tuits to review the full changes, rather than my initial run
over the debdiff.
Regards,
Adam
