why are new upstream versions of glib being uploaded?
Thomas Bushnell BSG
tb at becket.net
Thu Dec 28 19:19:54 UTC 2006
On Wed, 2006-12-27 at 09:36 +0000, Marc 'HE' Brockschmidt wrote:
> Thomas Bushnell BSG <tb at becket.net> writes:
> > Why are new upstream releases being added to upstable of the glib2.0
> > package? We are in a freeze, I thought.
>
> Yes, but the new glib2.0 release is from upstream's stable series, where
> only bugs are fixed. I reviewed all changes before Loic Minier uploaded
> the new version and thought them to not a problem.
>
> > And one seems perhaps to be responsible for a regression in gnucash
> > (see #404585).
>
> Yes, this is due to a stricter input validation in gkeyfile.c. The
> validation is an ugly C replacement for this:
> m!^[-_/+.[:alnum:]]+(\[[-_.@[:alnum:]]+\])?$!
I'm uncertain how to interpret this message. You said that the new
release only fixes bugs, and that you reviewed all the changes, and
that the new release includes a change in implementation from a regexp
to a C replacement, which more strictly validates input.
The last of these three seems to be inconsistent with the first two, for
the change does not give any appearance of being only a bug fix.
Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20061228/7030fe44/attachment.pgp
More information about the pkg-gnome-maintainers
mailing list