[Pkg-cacti-maint] error in cacti

Paul Gevers paul at climbing.nl
Sun Jan 22 09:06:19 UTC 2012 

Hi all,

>> I haven't seen any response to the latest mail related to the
>> regression in cacti old-stable. Kostya, could you please file the
>> bug with reportbug. Also I have not been able to reproduce the
>> problem, but I think you are complete right. So what exactly did
>> you do to get the bug to appear? If you don't want to file the bug
>> yourself, please let us know. Can I use your text in the first
>> e-mail for it if your not filing yourself?
> 
> Ok, now we have confirmation that there is a regression.

I also confirm myself that there is regression.

>> Mayuddin, I think your patch is not right. It changes the interface
>> of the function, where all the calls to it don't change. I attach a
>> patch that I believe is better. Shall I commit it to the git
>> repository?
> 
> The interface of the function can be extended as long as one makes
> sure to add default values for the extra arguments. This easies
> backports of other fixes and is generally cleaner than hardcoding
> within the code.

Ok. I agree that it is cleaner, but in newer upstream code, the max_oid
argument is not the last argument of the function. I am not so much into
php that I can tell if the order of your arguments make a difference,
but as the arguments are unnamed, I expect that you can not add extra
arguments in front of existing argument without careful checking. The
point is, I am afraid of introducing even more regressions. That is why
I prefer to revert to the hardcoded value. But as I am not so
experienced in these kind of things in security fixes, I am willing to
make the changes as you propose today, but can somebody check them?
Please let me know a.s.a.p.

>> but where exactly should we ask for
>> security help? You, Luk?
> 
> If we agree on the patch, I can indeed proceed with the process of
> getting the regression fix in the security (or maybe the general) archive.

What do you mean with the general archive? That the security fix with
regression fix is moved to the lenny archive?

Paul

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cacti-maint/attachments/20120122/c761cac0/attachment.pgp>

More information about the Pkg-cacti-maint mailing list