Re: security.d.o packages for etch built on sarge

To: debian-security@lists.debian.org
Subject: Re: security.d.o packages for etch built on sarge
From: kl@jasmine.eu.org (Karol Lewandowski)
Date: Sun, 1 Jul 2007 13:30:25 +0200
Message-id: <[🔎] 20070701113025.GA2795@bizet.domek.prywatny>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20070701013937.GA26322@steve.org.uk>
References: <20070625125607.GA4823@bizet.domek.prywatny> <20070630225924.GA8631@bizet.domek.prywatny> <[🔎] 20070701013937.GA26322@steve.org.uk>

On Sun, Jul 01, 2007 at 02:39:37AM +0100, Steve Kemp wrote:
> On Sun Jul 01, 2007 at 00:59:24 +0200, Karol Lewandowski wrote:
> > On Mon, Jun 25, 2007 at 02:56:07PM +0200, karol wrote:
> > 
> > > It looks like etch's security updates were built on sarge.  python2.3
> > > isn't available in etch making ekg's security update uninstallable.
> > 
> > I would be _very_ happy to hear _any_ comment on that.  I'll probably
> > ask debian-devel if I won't get any answer in next few days.
> 
>   Etch security updates *should* be built upon Etch.  Sarge updates
>  *should* be built upon Sarge.
> 
>   Anything else is liable to break and is a bug which should be fixed
>  with an update.
> 
>   I've checked the build-logs I've got access to (all except i386) and
>  they seem fine.  is it just i386 you see this behavior upon?
>  Do other people see this too, or is it a potentially broken system
>  you're installing upon (I have to ask; some people still have mixed
>  sources.lists files..)

Yes, i386 is broken.  amd64 is ok:

  karol@bizet:~$ wget -qO- http://security.debian.org/debian-security/dists/etch/updates/main/binary-amd64/Packages.bz2 | bzip2 -d | egrep -A7 'Package: ekg'
  Package: ekg
  Priority: optional
  Section: net
  Installed-Size: 812
  Maintainer: Marcin Owsiany <porridge@debian.org>
  Architecture: amd64
  Version: 1:1.7~rc2-1etch1
  Depends: libaspell15 (>= 0.60), libc6 (>= 2.3.5-1), libgadu3 (>= 1:1.7~rc2), libgsm1 (>= 1.0.10), libjpeg62, libncurses5 (>= 5.4-5), libssl0.9.8 (>= 0.9.8c-1), python2.4 (>= 2.3.90), zlib1g (>= 1:1.2.1)


i386 has broken deps:

  karol@bizet:~$ wget -qO- http://security.debian.org/debian-security/dists/etch/updates/main/binary-i386/Packages.bz2 | bzip2 -d | egrep -A7 'Package: ekg'
  Package: ekg
  Priority: optional
  Section: net
  Installed-Size: 740
  Maintainer: Marcin Owsiany <porridge@debian.org>
  Architecture: i386
  Version: 1:1.7~rc2-1etch1
  Depends: libaspell15 (>= 0.60), libc6 (>= 2.3.2.ds1-21), libgadu3 (>= 1:1.7~rc2), libgsm1 (>= 1.0.10), libjpeg62, libncurses5 (>= 5.4-1), libssl0.9.7, python2.3 (>= 2.3), zlib1g (>= 1:1.2.1)


However, blender security update is wrong on both arches.  According to
http://packages.debian.org/stable/graphics/blender package version is
2.42a-7, while security archive has 2.37a-1.1etch1.

  karol@bizet:~$ wget -qO- http://security.debian.org/debian-security/dists/etch/updates/main/binary-amd64/Packages.bz2 | bzip2 -d | egrep -A6 'Package: blender'
  Package: blender
  Priority: optional
  Section: graphics
  Installed-Size: 11148
  Maintainer: Masayuki Hatta (mhatta) <mhatta@debian.org>
  Architecture: amd64
  Version: 2.37a-1.1etch1


Thanks (and sorry for private reply Steve, I've subscribed
to debian-security recently).

Reply to:

Follow-Ups:
- Re: security.d.o packages for etch built on sarge
  - From: kl@jasmine.eu.org (Karol Lewandowski)

References:
- Re: security.d.o packages for etch built on sarge
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Re: security.d.o packages for etch built on sarge
Next by Date: Encrypting drive
Previous by thread: Re: security.d.o packages for etch built on sarge
Next by thread: Re: security.d.o packages for etch built on sarge
Index(es):
- Date
- Thread