Your message dated Thu, 07 Jan 2021 14:51:50 +0100
with message-id <161002751041.1585395.8615807898528325...@auryn.jones.dk>
and subject line Re: Processed: reopening 718272
has caused the Debian Bug report #718272,
regarding upstream does not support stable releases (block migration to testing)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
718272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bitcoin
Severity: serious

The bitcoin network requires strict adherence to consensus between nodes.
Small changes to underlying libraries, even justified security changes,
threaten to break consensus and could possibly cause accidental forks.

For example, it is possible for a bug fix in libleveldb to cause a fork in the
network if existing nodes expect buggy behaviour.

Therefore, bitcoin upstream developers have strongly encouraged downstream
packagers to use the exact version of libleveldb included with their source
code.  However, upstream does not backport or support previously released
versions of bitcoind/bitcoin-qt.

For example: if we release Debian Jessie with version 0.8 of bitcoin, and a
security bug is found in that version and fixed upstream, the fix may be based
on top of version 0.10 and unable to be ported to 0.8. Upstream will, in that
case, release version 0.10 and not backport the fix to 0.8. This is especially
tricky now that Debian is using the bitcoin packaged version of leveldb.

Because of the sensitivity of this situation (lots of money can be lost), I
believe we should block migration to testing until either upstream supports
stable releases or we have a volunteer that works closely enough with upstream
code (an upstream developer) that is willing to backport security and network-
related fixes.


There has been some work on multibit and electrum packages in Debian, these may
be better choices for wallets. If we keep bitcoin in unstable, we'll be able to
update as needed and users will understand that these packages are not stable
and will need to be updated often.



-- System Information:
Debian Release: wheezy/sid
  APT prefers raring-updates
  APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 
'raring-proposed'), (500, 'raring'), (100, 'raring-backports')
Architecture: i386 (i686)

Kernel: Linux 3.8.0-27-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message ---
Quoting Debian Bug Tracking System (2020-12-27 19:33:02)
> Processing commands for cont...@bugs.debian.org:
> 
> > reopen 718272
> Bug #718272 {Done: Jonas Smedegaard <jo...@jones.dk>} [src:bitcoin] upstream 
> does not support stable releases (block migration to testing)
> Bug reopened
> Ignoring request to alter fixed versions of bug #718272 to the same values 
> previously set
> > thanks
> Stopping processing here.
> 
> Please contact me if you need assistance.

I consider Bitcoin suitable for release with stable Debian.

If the security team or others disagree with that, then please elaborate on 
your concerns.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private



--- End Message ---
