On Fri, Jan 22, 2010 at 09:44:39PM +0100, Torsten Werner wrote: > brian m. carlson schrieb: > > I'm upgrading this bug report to grave, because I've done more tests > > and it seems that this bug causes the resolver to produce bizarre, > > inconsistent results and makes it unsuitable for a stable release. > > Grave means: makes the package in question unusable or mostly so, or > causes data loss, or introduces a security hole allowing access to the > accounts of users who use the package.
A catalog resolver that produces completely wrong (and bizarre) results is not practically usable. XSLT stylesheets that reference an HTTP URL but rely on the catalog resolver to redirect those to local files are broken. Since /etc/xml/catalog is not generated in a specified order, this causes different behavior on different systems where no relevant difference exists. A lot of the broken behavior is now noticable since, due to #560056, catalog resolvers are the only way to resolve HTTP URLs for most XML applications. In the case where the resolver would produce a null result, there would be a fallback to HTTP, and the data would be loaded, albeit more slowly and inefficiently. Right now, because of #560056, that means applications don't work. > Are you sure about the severity? Yes. Even if someone were to disagree that this bug is grave, at the very least, this is serious, since nobody can reasonably claim that the package in this state is suitable for release. > > Three out of four of these are wrong. > > I am getting the same error with upstream's binary (version 1.2). Can > you reproduce that? Yes. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
