Hi Bastien,
On 11/01/2025 19:14, Lucas Kanashiro wrote:
Hi,
Em 11 de jan. de 2025, à(s) 19:08, Bastien Roucariès <ro...@debian.org>
escreveu:
Hi,
Can someone review
https://salsa.debian.org/ruby-team/ruby/-/commits/debian/bullseye ?
Yes, I can do it next week.
First, thanks for the proposed update!
I believe the patch set you backported is correct, and thanks for the
notes you added to the headers of the patches, that's helpful.
I'd like to ask you fix the DEP-3 headers you added, most of them need
to be capitalized (i.e., s/bug/Bug/, s/origin/Origin/).
In the commit 23c295df19a5ee55506859f3037ac6ec9d20097a, you refreshed
all the patches in the package instead of just adding
d/p/CVE-2024-43398_depend01.patch. I wouldn't do that, that increases a
lot the debdiff. Those are cosmetic changes that are not necessary for
the security update, please, do not do that.
Regarding the commit history, could you please consolidate it a bit
better? Such as having one commit per CVE fix (not more than one), just
one commit updating the salsa-ci.yml file (not 2).
Being nitpicky: you have an extra empty line in your changelog entry.
And the changelog entry target is unstable, and not bullseye-security.
Again, thanks for working on this, Bastien! If you have any question,
let me know.
--
Lucas Kanashiro
