[Pkg-utopia-maintainers] stretch-pu: package flatpak, maybe want debdiff against security?

[Ian Jackson]

tl/dr: I started reviewing this request, but didn't finish.


The biggest thing I tripped over was that the debdiff is against
current stretch, not against stretch-security.  So I found myself
seeing changes in the diff which had already been made on stretch
installations, in practice.

Is this normal ?  IMO a debdiff against the most recent update,
including any security update, would be much more useful.

I stopped when I noticed this, so my review was incomplete.

But, I found, while reading the diff, that the extra code to fix the
permissions code is large and complicated.  OTOH I'm not sure we can
afford not to have it.


OTOH most of the changes described in the changelog sound like ones we
would want to take for stretch-updates.  The only one I'm a bit wary
of is this one

+    - Let KDE apps bind-mount ~/.config/kdeglobals into the sandbox:

whose security implications I don't feel I understand.  Is there any
more discussion of that ?


Thanks,
Ian.


-- 
Ian Jackson <ijackson at chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.