Hi,
On Mon, Jul 10, 2023 at 09:08:14PM +0100, Adam D. Barratt wrote:
> Control: tags -1 + bookworm moreinfo
>
> On Mon, 2023-07-10 at 21:55 +0200, Ervin Hegedüs wrote:
> > nmu libnginx-mod-http-modsecurity_1.0.3-1+b1 . ANY . bookworm . -m
> > "Closes: 1037226"
>
> *Please* include information in binNMU requests that allows us to
> identify the actual problem without having to dig around. As an
> additional note, the text in the "message" argument (-m) is copied
> verbatim into changelogs, which will then be visible to users and
> anyone else viewing the changelog. It needs to be more descriptive than
> a bug number.
right.
Should I send a new request? Or how can I append the requested
info to the original NMU request?
> The BTS metadata for #1037226 indicates that it also affects unstable
> and testing. Is that correct?
Yes, it is - but meanwhile Nginx has a new version in unstable
(1.24 - stable: 1.22), so there is a PR for the unstable package:
https://salsa.debian.org/modsecurity-packaging-team/libnginx-mod-http-modsecurity/-/merge_requests/1/diffs
> If so, it needs to be fixed there first.
The package in unstable will be modified soon - but those
modifications will produce a different package. Would it be
allowed in case of stable (related to freeze policy)?
> If not, please explain why unstable is not affected despite having
> exactly the same package version.
Theoretically there are the same issue in all releases (stable,
testing, unstable). But as the core application has a new
version, I think it would be better to recompile the source
package in stable, and after apply the modifications, then upload
the new package to unstable. (And - I guess - after that the
package will be migrated to unstable)
Thanks,
a.
