[pkg-bacula-devel] Bug#658326: Bug#658326: marked as done (bacula: sha implimentation is non-free)
Luca Capello
luca at pca.it
Wed May 2 13:16:36 UTC 2012
tags 658326 + upstream
notfixed 658326 5.0.3+dfsg-0.1
thanks
Hi there!
On Mon, 30 Apr 2012 11:21:51 +0200, Debian Bug Tracking System wrote:
> Your message dated Mon, 30 Apr 2012 09:17:34 +0000
> with message-id <E1SOmje-0005rA-OL at franck.debian.org>
> and subject line Bug#658326: fixed in bacula 5.0.3+dfsg-0.1
> has caused the Debian Bug report #658326,
> regarding bacula: sha implimentation is non-free
> to be marked as done.
[...]
> Changes:
> bacula (5.0.3+dfsg-0.1) unstable; urgency=low
> .
> * Non-maintainer upload.
> * Remove non-free SHA implementation (Closes: #658326).
> * debian/control: add libncurses5-dev into Build-Depends
Thank you for the NMU, but this is NOT the proper way, please read:
<http://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu>
Specifically:
§ 5.11.1. When and how to do an NMU
Before doing an NMU, consider the following questions:
[...]
* How confident are you about your changes? Please remember the
Hippocratic Oath: "Above all, do no harm." It is better to leave a
package with an open grave bug than applying a non-functional
patch, or one that hides the bug instead of resolving it. If you
are not 100% sure of what you did, it might be a good idea to seek
advice from others. Remember that if you break something in your
NMU, many people will be very unhappy about it.
1) Have you checked what are the implication of removing the non-free
SHA1 implementation? I imagine that all the installations that have
'signature=SHA1' in their FileSet resources are now broken, which is
not acceptable without any warning *before* installation via
NEWS.Debian, so administrators can act accordingly. This is why I
marked this bug as notfixed.
2) Have you seen that Karl (the original submitter) specifically talked
about stable and oldstable? The problem should be fixed there as
well, but the first question above must be addressed first.
Karl, given that the latest upstream sources still contain the
incriminated files, have you already brought this problem up to the
upstream authors?
<http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.c>
<http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.h>
Going on with the NMU policies:
* Have you clearly expressed your intention to NMU, at least in the
BTS? It is also a good idea to try to contact the maintainer by
other means (private email, IRC).
When doing an NMU, you must first make sure that your intention to NMU
is clear. Then, you must send a patch with the differences between the
current package and your proposed NMU to the BTS. The nmudiff script
in the devscripts package might be helpful.
Sometimes, release managers decide to allow NMUs with shorter delays
for a subset of bugs (e.g release-critical bugs older than 7
days). Also, some maintainers list themselves in the Low Threshold NMU
list, and accept that NMUs are uploaded without delay. But even in
those cases, it's still a good idea to give the maintainer a few days
to react before you upload, especially if the patch wasn't available
in the BTS before, or if you know that the maintainer is generally
active.
You have not contacted the pkg-bacula-devel@ mailing list neither sent
anything to the BTS. Please note that I am not saying that I (as one of
the bacula maintainers) am active (actually, it is more the contrary).
Moreover, your NMU does not *only* include the fix for #658326, but also
the one for #646730, without any notice neither taking into account the
submitter proposal (patching the upstream build system).
Thx, bye,
Gismo / Luca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-bacula-devel/attachments/20120502/537dd736/attachment.pgp>
More information about the pkg-bacula-devel
mailing list