tags 658326 + upstream notfixed 658326 5.0.3+dfsg-0.1 thanks Hi there!
On Mon, 30 Apr 2012 11:21:51 +0200, Debian Bug Tracking System wrote: > Your message dated Mon, 30 Apr 2012 09:17:34 +0000 > with message-id <e1somje-0005ra...@franck.debian.org> > and subject line Bug#658326: fixed in bacula 5.0.3+dfsg-0.1 > has caused the Debian Bug report #658326, > regarding bacula: sha implimentation is non-free > to be marked as done. [...] > Changes: > bacula (5.0.3+dfsg-0.1) unstable; urgency=low > . > * Non-maintainer upload. > * Remove non-free SHA implementation (Closes: #658326). > * debian/control: add libncurses5-dev into Build-Depends Thank you for the NMU, but this is NOT the proper way, please read: <http://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu> Specifically: ยง 5.11.1. When and how to do an NMU Before doing an NMU, consider the following questions: [...] * How confident are you about your changes? Please remember the Hippocratic Oath: "Above all, do no harm." It is better to leave a package with an open grave bug than applying a non-functional patch, or one that hides the bug instead of resolving it. If you are not 100% sure of what you did, it might be a good idea to seek advice from others. Remember that if you break something in your NMU, many people will be very unhappy about it. 1) Have you checked what are the implication of removing the non-free SHA1 implementation? I imagine that all the installations that have 'signature=SHA1' in their FileSet resources are now broken, which is not acceptable without any warning *before* installation via NEWS.Debian, so administrators can act accordingly. This is why I marked this bug as notfixed. 2) Have you seen that Karl (the original submitter) specifically talked about stable and oldstable? The problem should be fixed there as well, but the first question above must be addressed first. Karl, given that the latest upstream sources still contain the incriminated files, have you already brought this problem up to the upstream authors? <http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.c> <http://www.bacula.org/git/cgit.cgi/bacula/tree/bacula/src/lib/sha1.h> Going on with the NMU policies: * Have you clearly expressed your intention to NMU, at least in the BTS? It is also a good idea to try to contact the maintainer by other means (private email, IRC). When doing an NMU, you must first make sure that your intention to NMU is clear. Then, you must send a patch with the differences between the current package and your proposed NMU to the BTS. The nmudiff script in the devscripts package might be helpful. Sometimes, release managers decide to allow NMUs with shorter delays for a subset of bugs (e.g release-critical bugs older than 7 days). Also, some maintainers list themselves in the Low Threshold NMU list, and accept that NMUs are uploaded without delay. But even in those cases, it's still a good idea to give the maintainer a few days to react before you upload, especially if the patch wasn't available in the BTS before, or if you know that the maintainer is generally active. You have not contacted the pkg-bacula-devel@ mailing list neither sent anything to the BTS. Please note that I am not saying that I (as one of the bacula maintainers) am active (actually, it is more the contrary). Moreover, your NMU does not *only* include the fix for #658326, but also the one for #646730, without any notice neither taking into account the submitter proposal (patching the upstream build system). Thx, bye, Gismo / Luca
pgpb6eMiYEOGc.pgp
Description: PGP signature
