Re: w3af (Re: pysvn: RC fix #678559 as new upstream release)
Hi, On Sat, 28 Jul 2012 11:03:38 +0200 Julien Cristau jcris...@debian.org wrote: Adding the w3af maintainer to recipients. Thanks. Today, I've put pysvn and svn-workbench to unstable. I'll stay it for 1 or 2 weeks. --- choices for w3af) --- 1. Not touch w3af - easiest way - needs simple patch to work with python2.6, at least (Debian doesn't have python2.5 anymore, and its source says it supports 2.6, not 2.7) - outdated version (2 years ago), maybe not useful for users 2. Just remove w3af from testing - easy - no reverse dependency - users cannot use w3af since Wheezy I prefer 1, and we can upgrade it via pinning or backports. 3. update w3af With my investigation, it needs more python module which isn't in Debian. It's late, so forget this choice. -- Regards, Hideki Yamane henrich @ debian.or.jp/org http://wiki.debian.org/HidekiYamane -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120802143219.65bf3da7c0be30e7793ff...@debian.or.jp
Re: w3af (Re: pysvn: RC fix #678559 as new upstream release)
Adding the w3af maintainer to recipients. On Sat, Jul 28, 2012 at 09:55:50 +0900, Hideki Yamane wrote: Hi, Have you tested the reverse dependencies with the new version (seems to be svn-workbench, svn-load, , ibid, There's no reply from w3af maintainer so I've investigated it and there is not a problem with updating pysvn. w3af uses pysvn for update only, and its feature shouldn't work in Debian. w3af needs pysvn to use auto-update feature, and it is not suitable for Debian package binary. Debian w3af packages are installed into system wide, not user's directory. So, if unprivilledged user would execute update, w3af files would not be overwritten. However, I've found this package needs to be patched, and also it's not up-to-date upstream stable version (1.1) in testing/unstable (=1.0-rc3svn3489-1) (even experimental=1.0.0-1). Outdated program is not good for users (and also maintainer/security team), but there are 250 w3af users (by popcon), just removing package is not good for them. --- choices for w3af) --- 1. Not touch w3af - easiest way - needs simple patch to work with python2.6, at least (Debian doesn't have python2.5 anymore, and its source says it supports 2.6, not 2.7) - outdated version (2 years ago), maybe not useful for users 2. Just remove w3af from testing - easy - no reverse dependency - users cannot use w3af since Wheezy 3. update w3af - violate basic freeze rule (however, upstream 1.1 was released before freeze, 2011-11-10) - need some work to update (I'll try) - need some check if it works Any comments? -- Hideki Yamane henr...@debian.or.jp -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120728095550.ab97ba1d8b906dd8912c8...@debian.or.jp signature.asc Description: Digital signature
w3af (Re: pysvn: RC fix #678559 as new upstream release)
Hi, Have you tested the reverse dependencies with the new version (seems to be svn-workbench, svn-load, , ibid, There's no reply from w3af maintainer so I've investigated it and there is not a problem with updating pysvn. w3af uses pysvn for update only, and its feature shouldn't work in Debian. w3af needs pysvn to use auto-update feature, and it is not suitable for Debian package binary. Debian w3af packages are installed into system wide, not user's directory. So, if unprivilledged user would execute update, w3af files would not be overwritten. However, I've found this package needs to be patched, and also it's not up-to-date upstream stable version (1.1) in testing/unstable (=1.0-rc3svn3489-1) (even experimental=1.0.0-1). Outdated program is not good for users (and also maintainer/security team), but there are 250 w3af users (by popcon), just removing package is not good for them. --- choices for w3af) --- 1. Not touch w3af - easiest way - needs simple patch to work with python2.6, at least (Debian doesn't have python2.5 anymore, and its source says it supports 2.6, not 2.7) - outdated version (2 years ago), maybe not useful for users 2. Just remove w3af from testing - easy - no reverse dependency - users cannot use w3af since Wheezy 3. update w3af - violate basic freeze rule (however, upstream 1.1 was released before freeze, 2011-11-10) - need some work to update (I'll try) - need some check if it works Any comments? -- Hideki Yamane henr...@debian.or.jp -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120728095550.ab97ba1d8b906dd8912c8...@debian.or.jp
Re: pysvn: RC fix #678559 as new upstream release
On Wed, Jul 18, 2012 at 08:14:56 +0900, Hideki Yamane wrote: Hi, I've fixed RC bug #678559 as introducing new upstream release. This debdiff is huge, however, most of the code is able to be ignored. - Some of them are for Win32 and MacOSX, we can ignore it. - Rest of them are PyCXX library, but Debian use it as python-cxx-dev package to specified with --pycxx-src-dir=/usr/share/python$*/CXX, so we can ignore it. So, you may think why I didn't create minimum set patch from upstream. Because, I don't want to introduce _any_ regression _by Debian_. OK, ignoring the tests and pycxx changes the diff looks relatively reasonable. Have you tested the reverse dependencies with the new version (seems to be svn-workbench, svn-load, rabbitvcs-core, ibid, w3af-console)? Cheers, Julien signature.asc Description: Digital signature
Re: pysvn: RC fix #678559 as new upstream release
Hi, On Wed, 18 Jul 2012 20:57:39 +0200 Julien Cristau jcris...@debian.org wrote: OK, ignoring the tests and pycxx changes the diff looks relatively reasonable. Thanks to check, it's really help. Have you tested the reverse dependencies with the new version (seems to be svn-workbench, svn-load, , ibid, w3af-console)? Not yet, honestly. So, I should ask others to help this migration with upgraded pysvn by putting it to experimental once, then post call for check for their package. After that, I'll put pysvn to unstable and post unblock request to BTS. -- Regards, Hideki Yamane henrich @ debian.or.jp/org http://wiki.debian.org/HidekiYamane -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120719041443.ba550f343f551fd9500a7...@debian.or.jp
Re: pysvn: RC fix #678559 as new upstream release
On Thu, Jul 19, 2012 at 04:14:43 +0900, Hideki Yamane wrote: Have you tested the reverse dependencies with the new version (seems to be svn-workbench, svn-load, , ibid, w3af-console)? Not yet, honestly. So, I should ask others to help this migration with upgraded pysvn by putting it to experimental once, then post call for check for their package. After that, I'll put pysvn to unstable and post unblock request to BTS. Sounds good to me. Thanks! Cheers, Julien signature.asc Description: Digital signature