Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Development (http://www.linux-archive.org/debian-development/)
-   -   what if a package needs to be "recalled" (http://www.linux-archive.org/debian-development/600674-what-if-package-needs-recalled.html)

11-20-2011 10:36 PM

what if a package needs to be "recalled"
 
Just curious, let's say version 15.xxx of a package is released but then
found to be faulty, and upstream isn't releasing a new version soon. Can
the developer somehow recall it? But then peoples' apts won't
automatically catch 14.xxx as the new version if 15.xxx is already
installed. Or he can repackage 14.xxx as "15.xxx.1" but then other
packages depending on > 14 etc. will get the version wrong and the
numbering will be misleading. Yes, users can always install whatever
version they want manually, but I am just curious about damage control
from the point of the developer.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 8739dil62y.fsf@jidanni.org">http://lists.debian.org/8739dil62y.fsf@jidanni.org

Russell Coker 11-20-2011 10:44 PM

what if a package needs to be "recalled"
 
Isn't this one of the reasons for the epoch field?
--
My blog http://etbe.coker.com.au
Sent from an Xperia X10 Android phone


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: a2ef74dc-b5c1-4444-a79f-696ecfff1cb4@email.android.com">http://lists.debian.org/a2ef74dc-b5c1-4444-a79f-696ecfff1cb4@email.android.com

peter green 11-20-2011 11:01 PM

what if a package needs to be "recalled"
 
Just curious, let's say version 15.xxx of a package is released but then
found to be faulty, and upstream isn't releasing a new version soon.

OK...... faulty is a rather vauge term


Can the developer somehow recall it?

Not really, it's probablly theoretically possible to remove a package from debian and then
reupload a lower version but it would require the intervention of the ftpmasters and
it wouldn't achive much because as you say people would have already upgraded.


Or he can repackage 14.xxx as "15.xxx.1" but then other
packages depending on > 14 etc. will get the version wrong and the
numbering will be misleading.

It's possible to use a version number like 15.xxx+really14.xxx but it's ugly to say the least

It's also possible to use an epoch e.g. 1:14.xxx, downside of that approch is that the
package has to carry the epoch forever.

Afaict it's pretty rare that a package that is so badly broken that reversion is considred
the only reasonable course of action makes it into debian.



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4EC994C2.6070906@postgrad.manchester.ac.uk">http://lists.debian.org/4EC994C2.6070906@postgrad.manchester.ac.uk

Jonathan Nieder 11-20-2011 11:09 PM

what if a package needs to be "recalled"
 
Russell Coker wrote:

> Isn't this one of the reasons for the epoch field?

No. If chromium 14.0.835.202~r103287-1 actually worked[1], the
thing to do would be to upload a package with version number
15.0.874.106~r107270+really14.0.835.202~r103287-1. That way,
the blip in version numbering can be only temporary.

[1] Alas, it doesn't work: http://bugs.debian.org/649378


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20111121000958.GA11473@elie.hsd1.il.comcast.net">h ttp://lists.debian.org/20111121000958.GA11473@elie.hsd1.il.comcast.net

Michael Gilbert 11-21-2011 12:56 AM

what if a package needs to be "recalled"
 
On Sun, Nov 20, 2011 at 7:01 PM, peter green wrote:
>> Or he can repackage 14.xxx as "15.xxx.1" but then other
>> packages depending on > 14 etc. will get the version wrong and the
>> numbering will be misleading.
>
> It's possible to use a version number like 15.xxx+really14.xxx but it's ugly
> to say the least

If this thread is specifically related to the broken sandbox in
chromium right now, then you can use "chromium --no-sandbox" until we
find an appropriate fix the bug (or help us do that). No need to come
up with crazy versioning solutions.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CANTw=MMcreu6rLWnA8dvyhNTuSFHt7der=YPsGg6Nam+SZbQg g@mail.gmail.com">http://lists.debian.org/CANTw=MMcreu6rLWnA8dvyhNTuSFHt7der=YPsGg6Nam+SZbQg g@mail.gmail.com

Yves-Alexis Perez 11-23-2011 08:10 PM

what if a package needs to be "recalled"
 
On dim., 2011-11-20 at 20:56 -0500, Michael Gilbert wrote:
> If this thread is specifically related to the broken sandbox in
> chromium right now, then you can use "chromium --no-sandbox" until we
> find an appropriate fix the bug (or help us do that). No need to come
> up with crazy versioning solutions.

I'm not sure telling people to use --no-sandbox without telling them
what they lose is a good idea. Sandboxing is here for a reason.

Regards,
--
Yves-Alexis

11-23-2011 11:12 PM

what if a package needs to be "recalled"
 
>>>>> "YP" == Yves-Alexis Perez <corsac@debian.org> writes:

YP> I'm not sure telling people to use --no-sandbox without telling them
YP> what they lose is a good idea. Sandboxing is here for a reason.

Wish it was documented. Say on the man page.

Of course if they don't use it, they won't be able to browse anything.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87aa7mqsyi.fsf@jidanni.org">http://lists.debian.org/87aa7mqsyi.fsf@jidanni.org

Michael Gilbert 11-23-2011 11:43 PM

what if a package needs to be "recalled"
 
On Wed, Nov 23, 2011 at 7:12 PM, wrote:
>>>>>> "YP" == Yves-Alexis Perez writes:
>
> YP> I'm not sure telling people to use --no-sandbox without telling them
> YP> what they lose is a good idea. Sandboxing is here for a reason.

I find the "no-sandbox" label sufficiently descriptive, but for
completeness sake, this option will (as it sounds) disable chromium's
process isolating "sandbox" feature. This means that the security
hardening feature, which normally makes it very hard for data to leak
between chromium processes (i.e. tabs), will be off.

It is of course not a permanent solution.

> Wish it was documented. Say on the man page.

You're certainly free to create a patch with that documented ;) The
problem is that chromium commands change rapidly. It may be better
just to link to this page, which gets updated fairly regularly:
http://peter.sh/experiments/chromium-command-line-switches/

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CANTw=MP53P7uuVFYiMGZcjyWuYCoM=3gncb3VLLiBhF5KtrxQ Q@mail.gmail.com">http://lists.debian.org/CANTw=MP53P7uuVFYiMGZcjyWuYCoM=3gncb3VLLiBhF5KtrxQ Q@mail.gmail.com

Michael Gilbert 11-23-2011 11:48 PM

what if a package needs to be "recalled"
 
On Wed, Nov 23, 2011 at 7:43 PM, Michael Gilbert wrote:
> On Wed, Nov 23, 2011 at 7:12 PM, *wrote:
>>>>>>> "YP" == Yves-Alexis Perez writes:
>>
>> YP> I'm not sure telling people to use --no-sandbox without telling them
>> YP> what they lose is a good idea. Sandboxing is here for a reason.
>
> I find the "no-sandbox" label sufficiently descriptive, but for
> completeness sake, this option will (as it sounds) disable chromium's
> process isolating "sandbox" feature. *This means that the security
> hardening feature, which normally makes it very hard for data to leak
> between chromium processes (i.e. tabs), will be off.

And of course makes it hard (hopefully) for attackers to break out of
that sandbox to get access (read/write) to anything else in memory.

Best wishes,
Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: CANTw=MMegNX3J70FfY7r6Who7Nbrc=ZwD=yGd79bSTPGOktOw g@mail.gmail.com">http://lists.debian.org/CANTw=MMegNX3J70FfY7r6Who7Nbrc=ZwD=yGd79bSTPGOktOw g@mail.gmail.com


All times are GMT. The time now is 03:02 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.