All right, here's the revised list (removing anything that someone confirmed as almost done.)
Quoting Michael Stone ([EMAIL PROTECTED]): > > apache 32204 user directories allow symlinks to other files [0] > > (Johnie Ingram <[EMAIL PROTECTED]>) > > There's a suggested fix in the bug report. Is it problematic? > > > boot-floppies 32269 partion harddisk fails if WIN95_EXTENDED present > > [0] (Enrique Zanardi <debian-boot@lists.debian.org>) > > The report log is a little unclear. It looks like there is a version of cfdisk > that works...are we just waiting for an upload? > > > dpkg 17624 dpkg: installs regular dir when .deb contains > > symlink ! [364] (Ian Jackson and others <[EMAIL PROTECTED]>) > > dpkg 21182 dpkg: dpkg can go into an infinite loop with > > --force-configure-any [288] (Ian Jackson and others <[EMAIL PROTECTED]>) > > dpkg 28519 dpkg: dpkg creates circular symlinks [93] (Ian > > Jackson and others <[EMAIL PROTECTED]>) > > dpkg 30090 weirdass dpkg coredumps and xbase upgrade insanity > > [62] (Ian Jackson and others <[EMAIL PROTECTED]>) > > dpkg 30891 dpkg: Patch for update-alternatives to fix jdk > > problems [40] (Ian Jackson and others <[EMAIL PROTECTED]>) > > dpkg 32283 xbase postinst refers to nonexistent README.Debian > > [0] (Ian Jackson and others <[EMAIL PROTECTED]>) > > No one ever wants to touch dpkg... > > dpkg-dev 31508 parsechangelog broken? [22] (Ian Jackson and > > others <[EMAIL PROTECTED]>) This is supposed to have an attached fix. > > dpkg 28817 dpkg takes no care over libdpkg [87] (Ian Jackson > > and others <[EMAIL PROTECTED]>) Wichert argues whether this one's really release critical. > > ftp.debian.org 31282 upgrade-1386 directory in Incoming [30] (Guy Maor > > <[EMAIL PROTECTED]>) > > ? > > > general 28850 gettext: security problem when used in setuid > > programs [0] (debian-devel@lists.debian.org) > > What needs to be done here? This needs maintainers of setuid/root-run programs to check their stuff. Is there a way for non-maintainers to help with this, or do we just hope it gets done? Is there a way for maintainers to indicate they've already checked their packages? > > jdk1.1 32548 Java doesn't work at all for me on slink [0] > > (Stephen Zander <[EMAIL PROTECTED]>) Someone might be working on this? > > lyx 32299 LyX Copyright problems [0] (Stuart Lamble <[EMAIL > > PROTECTED]>) There should be a new license waiting to be packaged. > > nonus.debian.org 23780 nonus.debian.org: libssl-dev is obsolete [220] > > (Heiko Schlittermann <[EMAIL PROTECTED]>) > > nonus.debian.org 26443 nonus.debian.org: apache-common_1.3.0+1.19 is > > obsolete [144] (Heiko Schlittermann <[EMAIL PROTECTED]>) > > nonus.debian.org 29246 nonus.debian.org: remove > > fortify-unix-ppc_1.2.8-1.deb [79] (Heiko Schlittermann <[EMAIL PROTECTED]>) > > nonus.debian.org 31326 Broken symlinks on nonus.debian.org [29] (Heiko > > Schlittermann <[EMAIL PROTECTED]>) > > nonus.debian.org 32171 umet dependency for mutt-i [8] (Heiko > > Schlittermann <[EMAIL PROTECTED]>) mutt-i just need to disappear, right? Or should we do another virtual package to get mutt to install in its place? > Will non-us ever be fixed? All I've heard is agreement that this situation is non-optimal. (Or words to that effect :) > > perl-suid 31904 [EMAIL PROTECTED]: Secuity hole with perl > > (suidperl) and nosuid mounts on Linux] [13] (Darren Stalder <[EMAIL > > PROTECTED]>) This still needs a good solution. > > smb2www 32131 smb2www: smb2www in slink incompatible with samba > > in slink [9] (Craig Small <[EMAIL PROTECTED]>) > > Is the potato version going to be installed, or is there another fix? > > > wdm 32485 wdm: Doesn't let people log on when using MD5 > > passwords [0] ([EMAIL PROTECTED] (Marcelo E. Magallon)) > > Looks like this needs a patch. > > > wdm 32529 Typo in Xsession [0] ([EMAIL PROTECTED] (Marcelo > > E. Magallon)) > > Log's unclear again; is this really an xbase problem? Is it fixed? > > > xbase 30852 X packages do not upgrade automatically due to > > name change. [41] (Branden Robinson <[EMAIL PROTECTED]>) > > xdm 29360 xdm: Stopped X without warning/asking [77] > > (Branden Robinson <[EMAIL PROTECTED]>) > > xlib6 31610 xlib6: requires gcc but declares no dependency > > (dpkg --print-gnu-build-architecture?) [20] (Branden Robinson <[EMAIL > > PROTECTED]>) > > xserver-common 29166 xserver-common: should depend or at least > > recommend properly ver'd xlib6g [81] (Branden Robinson <[EMAIL PROTECTED]>) There's supposed to be a new version of the X stuff; does it fix all of these? (Someone want to summarize the changelog? :) So, what's left? Looks like fairly simple fixes for apache, boot-floppies, dpkg-dev, lyx, and smb2www. There's a mess of dpkg and non-us probs that'll just fester. jdk supposedly has someone working on it? perl-suid needs a good solution, as does wdm (which I'm getting a copy of now.) And we need to address the gettext problem. How much longer? Mike Stone
