FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Java

 
 
LinkBack Thread Tools
 
Old 04-04-2010, 08:28 PM
Gabriele Giacone
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ CC-ing debian-java and mkoch - bsh maintainers. This thread starts
from <4BB3CD1C.8000005@gmail.com> ]

On 04/03/2010 11:43 PM, Michael Tautschnig wrote:
>> * Gabriele Giacone:
>>
>>> For example openjdk-6-source: source code is in both orig tarball and
>>> openjdk-6-source binary package. This is a duplication, isn't it?
>>
>> First, the duplication refers to source packages.
Good, so my proposal below (bsh-src + patch) could be ok.

>> Second,
>> openjdk-6-source is like the emacs*-el packages, it provides IDE
>> navigation support.
>>
>>> Regarding jedit, what about adding the creation of bsh-src binary
>>> package, adding bsh-src to jedit's Build-Depends and applying jedit
>>> patch at build time?
>>
>> You could use reflection or AOP for that so that you don't need source
>> code at all.

IMHO this could be the best solution but I'm not a developer.

>> However, the correct way is to get the changes you need into the
>> upstream version, or adjust the client code. We do this for non-Java
>> code all the time.
>
> As I understood Gabriele, bsh is dead upstream, so it's actually up to Debian
> maintainers of bsh and Gabriele to sort that out, I guess. I haven't yet
> understood how intrusive that patch is, i.e., whether it breaks bsh core
> functionality or merely extends bsh. Gabriele? bsh maintainers?
Michael (mt), I pasted true changes (excluding references to
"org.gjt.sp.jedit.bsh" instead of "bsh", comments and some StringBuffer
that become StringBuilder) here [1].
Personally I wouldn't apply that changes to bsh sources to satisfy a
jedit-only need.

I would proceed in this way:
bsh: add bsh-src binary creation
jedit:
- - remove Debian bsh sources (added to the rejected package [2])
- - add bsh-src as builddep
- - apply jedit patch and build against patched bsh.
- - switch to "public" package like bsh so if someone wanted to
write a reflection/AOP patch, it would easily be done without asking.

Would it be rejected again?

Gabriele

[1] http://paste.debian.net/67419
[2]
http://mentors.debian.net/debian/pool/main/j/jedit/jedit_4.3.1+dfsg-1.dsc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAku49kYACgkQp3cdCbVcnCtqQwCg+GSyNP95pC Mb2gx51Lydod5a
P1YAoMyl1YY/RB5OnVJzCqIAMOuvB+Gr
=OpiL
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4BB8F651.2040902@gmail.com">http://lists.debian.org/4BB8F651.2040902@gmail.com
 
Old 04-05-2010, 10:52 AM
Michael Tautschnig
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

[...]

>
> I would proceed in this way:
> bsh: add bsh-src binary creation
> jedit:
> - remove Debian bsh sources (added to the rejected package [2])
> - add bsh-src as builddep

I think if you do a versioned builddep (exact version) then at the very latest
an archive rebuild will ensure that jedit gets fixed after a security upload.
Unless, of course, the security team does rdep checks anyway.

> - apply jedit patch and build against patched bsh.
> - switch to "public" package like bsh so if someone wanted to
> write a reflection/AOP patch, it would easily be done without asking.
>
> Would it be rejected again?
>

That now seems to be the security team's decision.

Best,
Michael
 
Old 04-08-2010, 10:02 PM
Moritz Muehlenhoff
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

On Mon, Apr 05, 2010 at 12:52:39PM +0200, Michael Tautschnig wrote:
> [...]
>
> >
> > I would proceed in this way:
> > bsh: add bsh-src binary creation
> > jedit:
> > - remove Debian bsh sources (added to the rejected package [2])
> > - add bsh-src as builddep
>
> I think if you do a versioned builddep (exact version) then at the very latest
> an archive rebuild will ensure that jedit gets fixed after a security upload.
> Unless, of course, the security team does rdep checks anyway.
>
> > - apply jedit patch and build against patched bsh.
> > - switch to "public" package like bsh so if someone wanted to
> > write a reflection/AOP patch, it would easily be done without asking.
> >
> > Would it be rejected again?
> >
>
> That now seems to be the security team's decision.

bsh code copies don't strike me as a security-relevant overhead,
personally I don't have any objections.

Cheers,
Moritz


--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20100408220221.GC3131@galadriel.inutil.org">http://lists.debian.org/20100408220221.GC3131@galadriel.inutil.org
 
Old 04-09-2010, 08:20 AM
Alexander Reichle-Schmehl
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

Hi!

Moritz Muehlenhoff schrieb:


bsh code copies don't strike me as a security-relevant overhead,
personally I don't have any objections.


If it's fine with you, it's okay with us. We don't like it (the archive
is already big enough without yet another code copy), but we'll accept it.



Best regards,
Alexander


--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4BBEE34A.4030208@debian.org">http://lists.debian.org/4BBEE34A.4030208@debian.org
 
Old 04-16-2010, 09:20 PM
Gabriele Giacone
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
now bsh builds bsh-src and jedit build-depends on it.

bsh (Team upload)
http://mentors.debian.net/debian/pool/main/b/bsh/bsh_2.0b4-11.dsc
[CC'ed Uploader]

@Michael(mt):
jedit
http://mentors.debian.net/debian/pool/main/j/jedit/jedit_4.3.1+dfsg-1.dsc

Could you please review and upload them?

Thanks for your time.
Gabriele




On 04/09/2010 10:20 AM, Alexander Reichle-Schmehl wrote:
> Hi!
>
> Moritz Muehlenhoff schrieb:
>
>> bsh code copies don't strike me as a security-relevant overhead,
>> personally I don't have any objections.
>
> If it's fine with you, it's okay with us. We don't like it (the archive
> is already big enough without yet another code copy), but we'll accept it.
>
>
> Best regards,
> Alexander
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvI1JsACgkQp3cdCbVcnCtslgCdHQWlWQ88fI ZTk+EzBkgW+Aa5
wdcAnR4BL5D3tvGSvfHetcdGPr3D+bvc
=0fvC
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4BC8D49B.70109@gmail.com">http://lists.debian.org/4BC8D49B.70109@gmail.com
 
Old 04-18-2010, 08:24 AM
Michael Tautschnig
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

> Hello,
> now bsh builds bsh-src and jedit build-depends on it.
>
> bsh (Team upload)
> http://mentors.debian.net/debian/pool/main/b/bsh/bsh_2.0b4-11.dsc
> [CC'ed Uploader]
>
> @Michael(mt):
> jedit
> http://mentors.debian.net/debian/pool/main/j/jedit/jedit_4.3.1+dfsg-1.dsc
>
> Could you please review and upload them?
>

[...]

Doing a quick review of jedit only, everything looks fine. I will, however, have
to wait for bsh to get uploaded before starting to build&upload jedit. Torsten,
Michael, are you taking care of bsh? Could you please ping me once it is
uploaded?

Best,
Michael
 
Old 04-18-2010, 07:38 PM
Torsten Werner
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

Hi Gabriele,

On Fri, Apr 16, 2010 at 11:20 PM, Gabriele Giacone <1o5g4r8o@gmail.com> wrote:
> bsh (Team upload)

just uploading.

Cheers,
Torsten


--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: p2ra90bfcf1004181238l1f034631oea757270b8d542e2@mai l.gmail.com">http://lists.debian.org/p2ra90bfcf1004181238l1f034631oea757270b8d542e2@mai l.gmail.com
 
Old 04-21-2010, 09:13 PM
Michael Tautschnig
 
Default jedit_4.3.1+dfsg-1_amd64.changes REJECTED

> > Hello,
> > now bsh builds bsh-src and jedit build-depends on it.
> >
> > bsh (Team upload)
> > http://mentors.debian.net/debian/pool/main/b/bsh/bsh_2.0b4-11.dsc
> > [CC'ed Uploader]
> >
> > @Michael(mt):
> > jedit
> > http://mentors.debian.net/debian/pool/main/j/jedit/jedit_4.3.1+dfsg-1.dsc
> >
> > Could you please review and upload them?
> >
>
> [...]
>
> Doing a quick review of jedit only, everything looks fine. I will, however, have
> to wait for bsh to get uploaded before starting to build&upload jedit. Torsten,
> Michael, are you taking care of bsh? Could you please ping me once it is
> uploaded?
>

jedit has just been uploaded.

Best,
Michael
 

Thread Tools




All times are GMT. The time now is 07:26 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org