Bug#718272: marked as done (upstream does not support stable releases (block migration to testing))
Your message dated Thu, 07 Jan 2021 14:51:50 +0100
with message-id <161002751041.1585395.8615807898528325...@auryn.jones.dk>
and subject line Re: Processed: reopening 718272
has caused the Debian Bug report #718272,
regarding upstream does not support stable releases (block migration to testing)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
718272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: bitcoin
Severity: serious
The bitcoin network requires on strict adherence to consensus between nodes.
Small changes to underlying libraries, even justified security changes,
threaten to break consensus and could possible cause accidental forks.
For example, it is possible for bug fix in libleveldb to cause a fork in the
network if existing nodes expect buggy behaviour.
Therefore, bitcoin upstream developers have strongly encouraged downstream
packagers to use the exact version of libleveldb included with their source
code. However, upstream does not backport or support previously released
versions of bitcoind/bitcoin-qt.
For example: if we release Debian Jessie with version 0.8 of bitcoin, and a
security bug is found in that version and fixed upstream, the fix may be based
on top of version 0.10 and unable to be ported to 0.8. Upstream will, in that
case, release version 0.10 and not backport the fix to 0.8. This is especially
tricky now that Debian is using the bitcoin packaged version of leveldb.
Because of the sensitivity of this situation (lots of money can be lost), I
believe we should block migration to testing until either upstream supports
stable releases or we have a volunteer that works closely enough with upstream
code (an upstream developer) that is will to backport security and network-
related fixes.
There has been some work on multibit and electrum packages in Debian, these may
be better choices for wallets. If we keep bitcoin in unstable, we'll be able to
update as needed and users will understand that these packages are not stable
and will need to be updated often.
-- System Information:
Debian Release: wheezy/sid
APT prefers raring-updates
APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500,
'raring-proposed'), (500, 'raring'), (100, 'raring-backports')
Architecture: i386 (i686)
Kernel: Linux 3.8.0-27-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Quoting Debian Bug Tracking System (2020-12-27 19:33:02)
> Processing commands for cont...@bugs.debian.org:
>
> > reopen 718272
> Bug #718272 {Done: Jonas Smedegaard } [src:bitcoin] upstream
> does not support stable releases (block migration to testing)
> Bug reopened
> Ignoring request to alter fixed versions of bug #718272 to the same values
> previously set
> > thanks
> Stopping processing here.
>
> Please contact me if you need assistance.
I consider Bitcoin suitable for release with stable Debian.
If seciurity team or others disagree with that, then please elaborate on
your concerns.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
--- End Message ---
Bug#718272: marked as done (upstream does not support stable releases (block migration to testing))
Your message dated Tue, 19 Jun 2018 19:21:09 +0200 with message-id <152942886931.8817.13979725455619503...@auryn.jones.dk> and subject line Re: Bug#718272: [Pkg-bitcoin-devel] Bug#718272: Bitcoin still not ready for stable release in Debian has caused the Debian Bug report #718272, regarding upstream does not support stable releases (block migration to testing) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 718272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: bitcoin Severity: serious The bitcoin network requires on strict adherence to consensus between nodes. Small changes to underlying libraries, even justified security changes, threaten to break consensus and could possible cause accidental forks. For example, it is possible for bug fix in libleveldb to cause a fork in the network if existing nodes expect buggy behaviour. Therefore, bitcoin upstream developers have strongly encouraged downstream packagers to use the exact version of libleveldb included with their source code. However, upstream does not backport or support previously released versions of bitcoind/bitcoin-qt. For example: if we release Debian Jessie with version 0.8 of bitcoin, and a security bug is found in that version and fixed upstream, the fix may be based on top of version 0.10 and unable to be ported to 0.8. Upstream will, in that case, release version 0.10 and not backport the fix to 0.8. This is especially tricky now that Debian is using the bitcoin packaged version of leveldb. Because of the sensitivity of this situation (lots of money can be lost), I believe we should block migration to testing until either upstream supports stable releases or we have a volunteer that works closely enough with upstream code (an upstream developer) that is will to backport security and network- related fixes. There has been some work on multibit and electrum packages in Debian, these may be better choices for wallets. If we keep bitcoin in unstable, we'll be able to update as needed and users will understand that these packages are not stable and will need to be updated often. -- System Information: Debian Release: wheezy/sid APT prefers raring-updates APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring-proposed'), (500, 'raring'), (100, 'raring-backports') Architecture: i386 (i686) Kernel: Linux 3.8.0-27-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- Hi Vincas, Quoting Vincas Dargis (2018-06-19 18:49:02) > Any news after half a year? News that Debian stable no longer means stable? No. News that Bitcoin protocol has stabilized? No. But let's change approach: Treat it as releasable, and leave it to Debian release managers to kick it out during freeze if by then deemed too unstable for stable. > Why it's marked "fixed-upstream"? Because someone flagged it as such. Not sure why. Not important. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature --- End Message ---
Bug#718272: marked as done (upstream does not support stable releases (block migration to testing))
Your message dated Fri, 03 Nov 2017 10:10:37 +0100 with message-id <150970023769.11303.14727396047278104...@auryn.jones.dk> and subject line Re: Bitcoin still not ready for stable release in Debian has caused the Debian Bug report #718272, regarding upstream does not support stable releases (block migration to testing) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 718272: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718272 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: bitcoin Severity: serious The bitcoin network requires on strict adherence to consensus between nodes. Small changes to underlying libraries, even justified security changes, threaten to break consensus and could possible cause accidental forks. For example, it is possible for bug fix in libleveldb to cause a fork in the network if existing nodes expect buggy behaviour. Therefore, bitcoin upstream developers have strongly encouraged downstream packagers to use the exact version of libleveldb included with their source code. However, upstream does not backport or support previously released versions of bitcoind/bitcoin-qt. For example: if we release Debian Jessie with version 0.8 of bitcoin, and a security bug is found in that version and fixed upstream, the fix may be based on top of version 0.10 and unable to be ported to 0.8. Upstream will, in that case, release version 0.10 and not backport the fix to 0.8. This is especially tricky now that Debian is using the bitcoin packaged version of leveldb. Because of the sensitivity of this situation (lots of money can be lost), I believe we should block migration to testing until either upstream supports stable releases or we have a volunteer that works closely enough with upstream code (an upstream developer) that is will to backport security and network- related fixes. There has been some work on multibit and electrum packages in Debian, these may be better choices for wallets. If we keep bitcoin in unstable, we'll be able to update as needed and users will understand that these packages are not stable and will need to be updated often. -- System Information: Debian Release: wheezy/sid APT prefers raring-updates APT policy: (500, 'raring-updates'), (500, 'raring-security'), (500, 'raring-proposed'), (500, 'raring'), (100, 'raring-backports') Architecture: i386 (i686) Kernel: Linux 3.8.0-27-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- I believe Bitcoin is now stable enough for stable release. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private--- End Message ---
