squeeze webkit security update

Joerg Jaspert joerg at debian.org
Mon Feb 21 21:48:43 UTC 2011


>> > > - You add yourself as maintainer and DM-uploader even though you don't
>> > > have that position in unstable. Is this agreed upon with the current
>> > > maintenance team?
>> > Yes, I've been working with Gustavo to prepare this update, and I
>> > think he agrees with DM-uploader status for me (I've CC'd the webkit
>> > maintainers for a response).
 
>> Adding the flag to an old/stable upload won't activate your DMship for the 
>> package. You need it on an upload to unstable (or experimental IIRC).

> security-master didn't allow DM uploads before Joerg upgraded the
> installation for the Squeeze release.

> Jörg, is this possible after the update?

Not right now. We can maybe make this possible, yes, but havent
yet. Lets see if i get to it before the ftpmaster meeting, but if not i
put it on agenda for there.

Oh, and DM is an archive based flag, checked against a prior upload to
*unstable* or *experimental*:

Quote from the (way to detailed to be any good) GR:
--8<------------------------schnipp------------------------->8---
- the most recent version of the package uploaded to unstable or experimental includes the field DM-Upload-Allowed: yes in the source section of its control file
- the most recent version of the package uploaded to unstable or experimental lists the uploader in the Maintainer: or Uploaders: fields (ie, non-developer maintainers cannot NMU or hijack packages)
--8<------------------------schnapp------------------------->8---

Thats double trouble for security: You have no unstable/experimental,
nor will it be of much use when the package does need to have an upload
with DMUA already there... And the stupid way the GR was written is
plenty specific, so if we read that in detail, there wont ever be a DM
upload to anything than the main archive.

(*sigh*)

Besides the gr stupidity, the technical implementation (*cough*) also
isnt the most optimal, so we DO have the check the code what we can do
for you.

-- 
bye, Joerg
Kids, you tried your best and you failed miserably. The lesson is, never try.



More information about the Pkg-webkit-maintainers mailing list