[pkg-wicd-maint] Bug#901592: Bug#928428: unblock: [pre-approval] wicd/1.7.4+tb2-7

Axel Beckert abe at debian.org
Sun May 12 21:21:12 BST 2019 

Hi Niels,

Niels Thykier wrote:
> Axel Beckert:
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org at packages.debian.org
> > Usertags: unblock
> > 
> > In the light of dhcpcd5 automremoval (#928056, #928104, #928105), I'd
> > like to upload a wicd package which relies less on dhcpcd5.  [...]
[...]
> AFAICT, the dhcpcd5 issues have been fixed and wicd is at the moment not
> at risk of being removed from testing on that account.

Ack. Actually I didn't expected those CVEs to be fixed that quickly
given how RC bugs in that package were handled in the past. I guess
these memories are from the times where the Debian packages of dhcpcd*
was (not really) maintained by the upstream maintainer.

> If so, then I would prefer deferring these changes to bullseye in
> general to reduce the risks of regressions in testing at the moment.

I actually thought that way, too, and nearly would have closed the
request myself.

But then again it seems that if only the default DHCP client
dependency is installed, it won't find the according binary. (See
https://bugs.debian.org/852343 — probably has the wrong severity,
should be at least important from my point of view.)

Then again, in most cases, when wicd is being installed, that
alternative dependency where dhcpcd5 comes first (#901592) is usually
already fulfilled by isc-dhcp-client which is installed by default and
hence present on most installations.

So while the impact of #852343 (at least together with #901592) is
probably RC on the paper, there are actually only very few people who
actually will run into it (and nobody who complained by having run
into it so far), e.g. those who have no DHCP client installed at all
when wicd is being installed or which uninstall all other DHCP clients
afterwards.

The only real impact I can imagine is on derivatives which install
wicd by default and follow Debian release cycles — of which I can't
remember any at the moment — at least Raspbian uses pure dhcpcd5 +
dhcpcd-gtk (and not Debian's packages of dhcpcd* as I just noticed).

So I'm generally fine with postponing this until bullseye. If you
agree with my reasoning above, please close this unblock request.

Will drop the created git branch "buster" only after the release of
buster, though, just to be on the safe side.

Salvo Tomaselli wrote:
> Well I use isc-dhcp-client and it works fine

I'm sorry, but IMHO this fact is not really relevant for this
discussion.

> so I guess it is an ok change.

... and since it ignores the core issues of th proposed change, this
reasoning is IMHO bogus.

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe at debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

More information about the pkg-wicd-maint mailing list