Bug#552018: Upgrading to grave

brian m. carlson sandals at crustytoothpaste.ath.cx
Fri Jan 22 23:04:58 UTC 2010


On Fri, Jan 22, 2010 at 09:44:39PM +0100, Torsten Werner wrote:
> brian m. carlson wrote:
> > I'm upgrading this bug report to grave, because I've done more tests
> > and it seems that this bug causes the resolver to produce bizarre,
> > inconsistent results and makes it unsuitable for a stable release.
> 
> Grave means: makes the package in question unusable or mostly so, or
> causes data loss, or introduces a security hole allowing access to the
> accounts of users who use the package.

A catalog resolver that produces completely wrong (and bizarre) results
is not practically usable.  XSLT stylesheets that reference an HTTP URL
but rely on the catalog resolver to redirect those to local files are
broken.  Since /etc/xml/catalog is not generated in a specified order,
this causes different behavior on different systems where no relevant
difference exists.

A lot of the broken behavior is now noticeable since, due to #560056,
catalog resolvers are the only way to resolve HTTP URLs for most XML
applications.  In the case where the resolver would produce a null
result, there would be a fallback to HTTP, and the data would be loaded,
albeit more slowly and inefficiently.  Right now, because of #560056,
that means applications don't work.

> Are you sure about the severity?

Yes.  Even if someone were to disagree that this bug is grave, at the
very least, this is serious, since nobody can reasonably claim that the
package in this state is suitable for release.

> > Three out of four of these are wrong.
> 
> I am getting the same error with upstream's binary (version 1.2). Can
> you reproduce that?

Yes.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187