why are new upstream versions of glib being uploaded?

[Marc 'HE' Brockschmidt]

Thomas Bushnell BSG <tb at becket.net> writes:
> On Wed, 2006-12-27 at 09:36 +0000, Marc 'HE' Brockschmidt wrote:
>> Thomas Bushnell BSG <tb at becket.net> writes:
>>> And one seems perhaps to be responsible for a regression in gnucash
>>> (see #404585). 
>> Yes, this is due to a stricter input validation in gkeyfile.c. The
>> validation is an ugly C replacement for this:
>> m!^[-_/+.[:alnum:]]+(\[[-_.@[:alnum:]]+\])?$!
>
> I'm uncertain how to interpret this message.  You said that the new
> release only fixes  bugs, and that you reviewed all the changes, and
> that the new release includes a change in implementation from a regexp
> to a C replacement, which more strictly validates input.

What? No, what I meant is that input validation was introduced to fix
other problems. [1] As I'm not keen on pasting 20 lines of boring C
routines, I created an equivalent (perl) regex to demonstrate what Input
is currently allowed.
As this may break more applications (earlier version broke locale
parsing and gnomevfs), we should probably keep that code, reduce it to a
warning for etch and then work out (together with upstream) how to solve
this for the future.

Marc

Footnotes: 
[1]  http://bugzilla.gnome.org/show_bug.cgi?id=343191

-- 
BOFH #114:
electro-magnetic pulses from French above ground nuke testing.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20061228/c9705223/attachment.pgp