Hi all,

While we are waiting for the response of glib upstream (no response from glib
authors yet), I'd like to mention that current ibus in both stable-security
and Testing/Sid are already broken. With next stable point release, we would
break everyone's ibus whenever they are using Debian 10. As pointed out in 
https://lists.debian.org/debian-input-method/2019/10/msg00047.html , there are
already some bug reports against qt5-based software.

I'm not saying that we must take actions right now but at least this bug
should be re-evaluated before next stable point release.

Thanks,
Boyuan Yang

在 2019-10-22二的 21:32 +0200,Gunnar Hjalmarsson写道:
> On 2019-10-22 20:58, Simon McVittie wrote:
> > On Tue, 22 Oct 2019 at 19:30:51 +0200, Gunnar Hjalmarsson wrote:
> > > @Simon: Any thoughts on the status of your glib MR? Is it safe
> > > enough to patch glib2.0 in Debian, and with that fix this bug?
> > 
> > I don't think we should be applying changes this significant to code
> > this important (it's at a security boundary) without proper review.
> > 
> > If you consider my proposed code changes to be correct (apart from
> > the memory leak that I just spotted, which I'll fix when I get a
> > chance), please say so on the upstream merge request.
> 
> Those changes are over my head, so I'm not able to tell whether they are 
> "correct". But I added a comment with the purpose of encouraging reviews 
> soon. :)

Reply via email to