Control: tags -1 moreinfo

On Thu, Mar 12, 2015 at 17:16:17 +0000, Gianfranco Costamagna wrote:

> Hi Adam,
>
> first, thanks for the review
>
> >With apologies for not getting a proper response to this sooner, some
> >queries...
>
> no problem :)
> >+ * Tried to fix CVE-2013-2298 and CVE-2013-2018.
> >I'm not hugely keen on "tried to fix". :-( Are they fixed or not?
>
> I tried to fix them (meaning I backported the patches and rebased on top of
> the version)
>
> however we removed the build of the server packages, so the CVE is fixed,
> because we don't ship the code anymore.
>
> if you ask me why we keep the patches, I answer "because users might download
> the source and build manually their server"
>
I don't think that's reason enough to be touching the package in
(old)stable. The initial message was also saying some of this is used on
the client side, which is it?

> >+ * link_with_gold.patch: patched configure.ac to add -lX11 for linking
> >client
> >+ with ld.gold.
>
> >Hmmm, gold isn't the default linker in wheezy afair? I guess this isn't
> >crazy based on the Build-Depends change.
>
> don't know, I didn't change this :) if it is a problem I can put Guo in the
> loop (if he doesn't already monitor the bug)

It's an unnecessary change. We don't like unnecessary changes in
(old)stable.

> +Subject: [PATCH] - client: don't show cache size in startup messages.
>
> yes, but again it is dead code :)
> >May well be taken from upstream, but appears to have nothing to do with
> >the content of the patch.
>
> >+workaround-objcxx.patch
>
> >What's the intent of this patch? It doesn't appear to be mentioned in
> >the changelog and only appears to touch code that's never going to be
> >used on Debian to begin with.
>
> seems a useless patch to me :)
>
> >+wrapper.patch
>
> >This also isn't mentioned in the changelog.
>
> safe patch, just adding some headers to avoid build failures with certain gcc
> versions...
>
> should I make another upload?
>
> really the debdiff can be so much reduced, I brought up a wheezy branch and
> added the fixes on top of it...
>
Again, we want to keep changes in (old)stable to a minimum. So we would
prefer a minimal diff that doesn't try to fix issues that don't affect
the package in wheezy.

Cheers,
Julien