[pkg-bacula-devel] Bug#658326: Bug#658326: marked as done (bacula: sha implimentation is non-free)

Luca Capello luca at pca.it
Wed May 2 13:16:36 UTC 2012


tags 658326 + upstream
notfixed 658326 5.0.3+dfsg-0.1
thanks

Hi there!

On Mon, 30 Apr 2012 11:21:51 +0200, Debian Bug Tracking System wrote:
> Your message dated Mon, 30 Apr 2012 09:17:34 +0000
> with message-id <E1SOmje-0005rA-OL at franck.debian.org>
> and subject line Bug#658326: fixed in bacula 5.0.3+dfsg-0.1
> has caused the Debian Bug report #658326,
> regarding bacula: sha implimentation is non-free
> to be marked as done.
[...]
> Changes:
>  bacula (5.0.3+dfsg-0.1) unstable; urgency=low
>  .
>    * Non-maintainer upload.
>    * Remove non-free SHA implementation (Closes: #658326).
>    * debian/control: add libncurses5-dev into Build-Depends

Thank you for the NMU, but this is NOT the proper way, please read:

  <http://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu>

Specifically:

  § 5.11.1. When and how to do an NMU

  Before doing an NMU, consider the following questions:

  [...]

    * How confident are you about your changes? Please remember the
      Hippocratic Oath: "Above all, do no harm." It is better to leave a
      package with an open grave bug than applying a non-functional
      patch, or one that hides the bug instead of resolving it. If you
      are not 100% sure of what you did, it might be a good idea to seek
      advice from others. Remember that if you break something in your
      NMU, many people will be very unhappy about it.

1) Have you checked what are the implication of removing the non-free
   SHA1 implementation?  I imagine that all the installations that have
   'signature=SHA1' in their FileSet resources are now broken, which is
   not acceptable without any warning *before* installation via
   NEWS.Debian, so administrators can act accordingly.  This is why I
   marked this bug as notfixed.

2) Have you seen that Karl (the original submitter) specifically talked
   about stable and oldstable?  The problem should be fixed there as
   well, but the first question above must be addressed first.

   Karl, given that the latest upstream sources still contain the
   incriminated files, have you already brought this problem up to the
   upstream authors?

     <http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.c>
     <http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.h>

Going on with the NMU policies:

    * Have you clearly expressed your intention to NMU, at least in the
      BTS? It is also a good idea to try to contact the maintainer by
      other means (private email, IRC).

  When doing an NMU, you must first make sure that your intention to NMU
  is clear. Then, you must send a patch with the differences between the
  current package and your proposed NMU to the BTS. The nmudiff script
  in the devscripts package might be helpful.

  Sometimes, release managers decide to allow NMUs with shorter delays
  for a subset of bugs (e.g release-critical bugs older than 7
  days). Also, some maintainers list themselves in the Low Threshold NMU
  list, and accept that NMUs are uploaded without delay. But even in
  those cases, it's still a good idea to give the maintainer a few days
  to react before you upload, especially if the patch wasn't available
  in the BTS before, or if you know that the maintainer is generally
  active.

You have not contacted the pkg-bacula-devel@ mailing list neither sent
anything to the BTS.  Please note that I am not saying that I (as one of
the bacula maintainers) am active (actually, it is more the contrary).

Moreover, your NMU does not *only* include the fix for #658326, but also
the one for #646730, without any notice neither taking into account the
submitter proposal (patching the upstream build system).

Thx, bye,
Gismo / Luca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-bacula-devel/attachments/20120502/537dd736/attachment.pgp>


More information about the pkg-bacula-devel mailing list