FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Java

 
 
LinkBack Thread Tools
 
Old 04-05-2010, 08:20 AM
"Alexander Reichle-Schmehl"
 
Default AW: jedit_4.3.1+dfsg-1_amd64.changes REJECTED

(Sorry for the TOFU Mail; send from my Handheld.)

Hi!

Again such a package will only be accepted, if the security team gave their okay, as it still might not solve their problem completely: If a security problem is found and fixed in bsh, does jedit need to be recompiled, too, to pick up the security patch applied to bsh?

Best regards,
**Alexander




Gabriele Giacone <1o5g4r8o@gmail.com> schrieb am 04.04.2010 22:28:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



[ CC-ing debian-java and mkoch - bsh maintainers. This thread starts

from <4BB3CD1C.8000005@gmail.com> ]



On 04/03/2010 11:43 PM, Michael Tautschnig wrote:

>> * Gabriele Giacone:

>>

>>> For example openjdk-6-source: source code is in both orig tarball and

>>> openjdk-6-source binary package. This is a duplication, isn't it?

>>

>> First, the duplication refers to source packages.

Good, so my proposal below (bsh-src + patch) could be ok.



>> Second,

>> openjdk-6-source is like the emacs*-el packages, it provides IDE

>> navigation support.

>>

>>> Regarding jedit, what about adding the creation of bsh-src binary

>>> package, adding bsh-src to jedit's Build-Depends and applying jedit

>>> patch at build time?

>>

>> You could use reflection or AOP for that so that you don't need source

>> code at all.



IMHO this could be the best solution but I'm not a developer.



>> However, the correct way is to get the changes you need into the

>> upstream version, or adjust the client code. We do this for non-Java

>> code all the time.

>

> As I understood Gabriele, bsh is dead upstream, so it's actually up to Debian

> maintainers of bsh and Gabriele to sort that out, I guess. I haven't yet

> understood how intrusive that patch is, i.e., whether it breaks bsh core

> functionality or merely extends bsh. Gabriele? bsh maintainers?

Michael (mt), I pasted true changes (excluding references to

"org.gjt.sp.jedit.bsh" instead of "bsh", comments and some StringBuffer

that become StringBuilder) here [1].

Personally I wouldn't apply that changes to bsh sources to satisfy a

jedit-only need.



I would proceed in this way:

bsh: add bsh-src binary creation

jedit:

- - remove Debian bsh sources (added to the rejected package [2])

- - add bsh-src as builddep

- - apply jedit patch and build against patched bsh.

- - switch to "public" package like bsh so if someone wanted to

write a reflection/AOP patch, it would easily be done without asking.



Would it be rejected again?



Gabriele



[1] http://paste.debian.net/67419

[2]

http://mentors.debian.net/debian/pool/main/j/jedit/jedit_4.3.1+dfsg-1.dsc

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.10 (GNU/Linux)



iEYEARECAAYFAku49kYACgkQp3cdCbVcnCtqQwCg+GSyNP95pC Mb2gx51Lydod5a

P1YAoMyl1YY/RB5OnVJzCqIAMOuvB+Gr

=OpiL

-----END PGP SIGNATURE-----
 

Thread Tools




All times are GMT. The time now is 12:08 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org