[pkg-netfilter-team] Bug#929527: Bug#914694

Rhonda D'Vine rhonda at deb.at
Fri Jun 28 10:56:37 BST 2019 

    Hi,

* Arturo Borrero Gonzalez <arturo at debian.org> [2019-06-26 14:14:50 CEST]:
> On 6/25/19 10:25 AM, Thomas Lamprecht wrote:
> > Don't want to nag to much but is there any news regarding this?
> > Buster is planned to release pretty soon (<2 weeks) and iptables
> > is quite a important package, IMO. Maybe it went under my radar
> > but I saw no unblock request on d.o release list.
> > 
> > For now I just used update-alternative to use the legacy variants,
> > which work fine here, but if my understanding is correct then this
> > package (version?) could be thrown out of Buster if it still has RC
> > bug so close to the planned release, I mean iptables may be an
> > exception as it's quite relevant and still used by a lot but still.
> > 
> 
> The last upstream release of iptables won't make it into Debian Buster at this
> point.
> 
> Once buster is released I will:
> 
> * provide uptodate package backports of newer upstream releases in
> buster-backports (for both iptables and nftables)

 Please don't abuse backports for bugfixes that belong in stable.  This
won't solve the issues for users of stable.  Backports is for newer
features in software, not for offering bugfixes for stable.

> * for important bugs, I would try backporting concrete patches to the version in
> buster-stable.

 The regression pointed out here through the switch of the default from
iptables-legacy to iptables-nft is kinda important, in my opinion.
Custom chains aren't really something exotic like you try to imply.
Most tools that offer a bit more of a complex possibility to maintain
your firewall settings are using them.  And if a simple iptables-restore
can trigger this segfault for a setup that is far from exotic then it's
a regression that appears through the change of the tool that should
rather ring alarm clocks instead of trying to downplay the issue, in my
opinion. :/

 I know that the release is happening next week, and I understand that
it is considered too late to do anything right now - but please think
about the impact of this for the first point release.

 Thanks,
Rhonda
-- 
Fühlst du dich mutlos, fass endlich Mut, los      |
Fühlst du dich hilflos, geh raus und hilf, los    | Wir sind Helden
Fühlst du dich machtlos, geh raus und mach, los   | 23.55: Alles auf Anfang
Fühlst du dich haltlos, such Halt und lass los    |

More information about the pkg-netfilter-team mailing list