Luk Claes wrote:
> > okay, it looks like the problem was that the person who did the security
> > upload built the package in a sarge chroot without /proc mounted (i can
> > duplicate the problem unmounting /proc in my pbuilder chroot).
> >
> > so, my question is what are the next steps? can the security team just
> > trigger a rebuild/binNMU, or do we need another sourceful upload? if so
> > should i provide an update in debian/rules that checks for /proc to be
> > mounted just in case this happens again?
>
> I think I can schedule binNMUs now though the buildds have to have proc
> mounted beforehand or the one signing has to be careful enough not to
> sign if it's not yet fixed with the binNMU.
>
> So I guess that's up to the Security Team to decide.

I don't really remember if/why procfs wasn't mounted. I build Sarge in a chroot and Etch on a stable-only, real system. Unfortunately it wasn't spotted neither by myself, nor the people that also tested the update prior to release. I'll add a note, that we integrate the existing bin-checker into the planned security update beta test program.

Please go ahead with a binNMU: Only the broken i386 manual build should be affected AFAICS.

> You do check for a mounted proc in the unstable/testing/experimental
> version, right? I kind of remember seeing it as the check fails even if
> there is a proc mounted from outside the chroot...

Maybe we can talk to Lucas Nussbaum, whether he wants to run an archive rebuild w/ and w/o procfs mounted and compare the diffs, so that we can spot package failures like this in advance? Since a mounted procfs is a prevailing setup many other maintainers might take it for granted w/o checking explicitly.

Cheers,
Moritz