[ CC-ing debian-java and mkoch - bsh maintainers. This thread starts
from <4BB3CD1C.8000005@gmail.com> ]
On 04/03/2010 11:43 PM, Michael Tautschnig wrote:
>> * Gabriele Giacone:
>>
>>> For example openjdk-6-source: source code is in both orig tarball and
>>> openjdk-6-source binary package. This is a duplication, isn't it?
>>
>> First, the duplication refers to source packages.
Good, so my proposal below (bsh-src + patch) could be ok.
>> Second,
>> openjdk-6-source is like the emacs*-el packages, it provides IDE
>> navigation support.
>>
>>> Regarding jedit, what about adding the creation of bsh-src binary
>>> package, adding bsh-src to jedit's Build-Depends and applying jedit
>>> patch at build time?
>>
>> You could use reflection or AOP for that so that you don't need source
>> code at all.
IMHO this could be the best solution but I'm not a developer.
>> However, the correct way is to get the changes you need into the
>> upstream version, or adjust the client code. We do this for non-Java
>> code all the time.
>
> As I understood Gabriele, bsh is dead upstream, so it's actually up to Debian
> maintainers of bsh and Gabriele to sort that out, I guess. I haven't yet
> understood how intrusive that patch is, i.e., whether it breaks bsh core
> functionality or merely extends bsh. Gabriele? bsh maintainers?
Michael (mt), I pasted true changes (excluding references to
"org.gjt.sp.jedit.bsh" instead of "bsh", comments and some StringBuffer
that become StringBuilder) here [1].
Personally I wouldn't apply those changes to bsh sources to satisfy a
jedit-only need.
I would proceed in this way:
bsh: add bsh-src binary creation
jedit:
- remove Debian bsh sources (added to the rejected package [2])
- add bsh-src as builddep
- apply jedit patch and build against patched bsh.
- switch to "public" package like bsh so if someone wanted to
write a reflection/AOP patch, it would easily be done without asking.
--
To UNSUBSCRIBE, email to debian-java-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/4BB8F651.2040902@gmail.com
04-05-2010, 10:52 AM
Michael Tautschnig
jedit_4.3.1+dfsg-1_amd64.changes REJECTED
[...]
>
> I would proceed in this way:
> bsh: add bsh-src binary creation
> jedit:
> - remove Debian bsh sources (added to the rejected package [2])
> - add bsh-src as builddep
I think if you do a versioned builddep (exact version) then at the very latest
an archive rebuild will ensure that jedit gets fixed after a security upload.
Unless, of course, the security team does rdep checks anyway.
> - apply jedit patch and build against patched bsh.
> - switch to "public" package like bsh so if someone wanted to
> write a reflection/AOP patch, it would easily be done without asking.
>
> Would it be rejected again?
>
That now seems to be the security team's decision.
Best,
Michael
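
The exact-version build dependency on bsh-src suggested in the message above can be checked mechanically. This is an added example, not part of the thread or of the jedit packaging: it parses a constructed debian/control fragment and reports source-carrying build dependencies that are not pinned with `=`. Treating names ending in -src or -source as source-carrying is an assumption of the example.

```python
import re

# One relationship: name, optional :arch qualifier, optional (op version).
_REL = re.compile(
    r"^(?P<name>[a-z0-9][a-z0-9+.-]+)(?::[a-z0-9-]+)?"
    r"(?:\s*\(\s*(?P<op><<|<=|=|>=|>>)\s*(?P<ver>[^)\s]+)\s*\))?"
)

def build_depends(control_text):
    """Return the unfolded Build-Depends value of a debian/control file."""
    value, collecting = [], False
    for line in control_text.splitlines():
        if collecting and line[:1] in (" ", "\t"):
            value.append(line.strip())            # folded continuation line
        elif line.lower().startswith("build-depends:"):
            value, collecting = [line.split(":", 1)[1].strip()], True
        else:
            collecting = False                    # another field or blank line
    return " ".join(value)

def unpinned_source_deps(control_text, suffixes=("-src", "-source")):
    """List (name, op, version) for source-carrying build deps not using '='."""
    findings = []
    for clause in build_depends(control_text).split(","):
        for alt in clause.split("|"):             # alternatives: a | b
            m = _REL.match(alt.strip())
            if m and m["name"].endswith(suffixes) and m["op"] != "=":
                findings.append((m["name"], m["op"], m["ver"]))
    return findings

# Constructed debian/control fragments (not the real jedit packaging).
LOOSE = """Source: jedit
Build-Depends: debhelper (>= 7), ant,
 bsh-src (>= 2.0b4-11), default-jdk
Standards-Version: 3.8.4
"""
PINNED = LOOSE.replace("(>= 2.0b4-11)", "(= 2.0b4-11)")

if __name__ == "__main__":
    for label, text in (("loose", LOOSE), ("pinned", PINNED)):
        print(label, unpinned_source_deps(text))
```
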
04-08-2010, 10:02 PM
Moritz Muehlenhoff
jedit_4.3.1+dfsg-1_amd64.changes REJECTED
On Mon, Apr 05, 2010 at 12:52:39PM +0200, Michael Tautschnig wrote:
> [...]
>
> >
> > I would proceed in this way:
> > bsh: add bsh-src binary creation
> > jedit:
> > - remove Debian bsh sources (added to the rejected package [2])
> > - add bsh-src as builddep
>
> I think if you do a versioned builddep (exact version) then at the very latest
> an archive rebuild will ensure that jedit gets fixed after a security upload.
> Unless, of course, the security team does rdep checks anyway.
>
> > - apply jedit patch and build against patched bsh.
> > - switch to "public" package like bsh so if someone wanted to
> > write a reflection/AOP patch, it would easily be done without asking.
> >
> > Would it be rejected again?
> >
>
> That now seems to be the security team's decision.
bsh code copies don't strike me as a security-relevant overhead,
personally I don't have any objections.
Cheers,
Moritz
Archive: http://lists.debian.org/20100408220221.GC3131@galadriel.inutil.org
04-09-2010, 08:20 AM
Alexander Reichle-Schmehl
jedit_4.3.1+dfsg-1_amd64.changes REJECTED
Hi!
Moritz Muehlenhoff wrote:
> bsh code copies don't strike me as a security-relevant overhead,
> personally I don't have any objections.
If it's fine with you, it's okay with us. We don't like it (the archive
is already big enough without yet another code copy), but we'll accept it.
Best regards,
Alexander
Archive: http://lists.debian.org/4BBEE34A.4030208@debian.org
04-16-2010, 09:20 PM
Gabriele Giacone
jedit_4.3.1+dfsg-1_amd64.changes REJECTED
Hello,
now bsh builds bsh-src and jedit build-depends on it.
On 04/09/2010 10:20 AM, Alexander Reichle-Schmehl wrote:
> Hi!
>
> Moritz Muehlenhoff wrote:
>
>> bsh code copies don't strike me as a security-relevant overhead,
>> personally I don't have any objections.
>
> If it's fine with you, it's okay with us. We don't like it (the archive
> is already big enough without yet another code copy), but we'll accept it.
>
>
> Best regards,
> Alexander
>
Archive: http://lists.debian.org/4BC8D49B.70109@gmail.com
04-18-2010, 08:24 AM
Michael Tautschnig
jedit_4.3.1+dfsg-1_amd64.changes REJECTED
> Hello,
> now bsh builds bsh-src and jedit build-depends on it.
>
> bsh (Team upload)
> http://mentors.debian.net/debian/pool/main/b/bsh/bsh_2.0b4-11.dsc
> [CC'ed Uploader]
>
> @Michael(mt):
> jedit
> http://mentors.debian.net/debian/pool/main/j/jedit/jedit_4.3.1+dfsg-1.dsc
>
> Could you please review and upload them?
>
[...]
Doing a quick review of jedit only, everything looks fine. I will, however, have
to wait for bsh to get uploaded before starting to build&upload jedit. Torsten,
Michael, are you taking care of bsh? Could you please ping me once it is
uploaded?
Best,
Michael
04-18-2010, 07:38 PM
Torsten Werner
jedit_4.3.1+dfsg-1_amd64.changes REJECTED
Hi Gabriele,
On Fri, Apr 16, 2010 at 11:20 PM, Gabriele Giacone <1o5g4r8o@gmail.com> wrote:
> bsh (Team upload)
just uploading.
Cheers,
Torsten
Archive: http://lists.debian.org/p2ra90bfcf1004181238l1f034631oea757270b8d542e2@mail.gmail.com
04-21-2010, 09:13 PM
Michael Tautschnig
jedit_4.3.1+dfsg-1_amd64.changes REJECTED
> > Hello,
> > now bsh builds bsh-src and jedit build-depends on it.
> >
> > bsh (Team upload)
> > http://mentors.debian.net/debian/pool/main/b/bsh/bsh_2.0b4-11.dsc
> > [CC'ed Uploader]
> >
> > @Michael(mt):
> > jedit
> > http://mentors.debian.net/debian/pool/main/j/jedit/jedit_4.3.1+dfsg-1.dsc
> >
> > Could you please review and upload them?
> >
>
> [...]
>
> Doing a quick review of jedit only, everything looks fine. I will, however, have
> to wait for bsh to get uploaded before starting to build&upload jedit. Torsten,
> Michael, are you taking care of bsh? Could you please ping me once it is
> uploaded?
>