| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 10/08/11 22:45, Matt Turner wrote: |
| 5 |
> On Sat, Oct 8, 2011 at 10:20 AM, Markos Chandras |
| 6 |
> <hwoarang@g.o> wrote: |
| 7 |
>> On 10/08/2011 02:19 PM, Matt Turner wrote: |
| 8 |
>>> On Sat, Oct 8, 2011 at 4:47 AM, Samuli Suominen |
| 9 |
>>> <ssuominen@g.o> wrote: |
| 10 |
>>>> # Samuli Suominen <ssuominen@g.o> (08 Oct 2011) # |
| 11 |
>>>> Fails to compile against system libpng15, bug 356127 # |
| 12 |
>>>> Removal in 14 days |
| 13 |
>>> |
| 14 |
>>> 14 days? |
| 15 |
>>> |
| 16 |
>>>> media-gfx/pngcrush |
| 17 |
>>> |
| 18 |
>> We can't really wait forever for slacking maintainers to fix |
| 19 |
>> their packages. amd64 is almost ready to have libpng-1.5 stable |
| 20 |
>> in the very near future |
| 21 |
> |
| 22 |
> Two things: |
| 23 |
> |
| 24 |
> 1) I'm *really* tired of the usage of the word "slacking" on this |
| 25 |
> mailing list. If you or someone else wants to pay me to work on |
| 26 |
> Gentoo, *then* you can tell me that I'm slacking. Otherwise, I'm a |
| 27 |
> volunteer working on things that interest me in my free time. I |
| 28 |
> truly do have more important things to do than to figure out how to |
| 29 |
> port pngcrush to libpng1.5. Namely, graduate school and midterm |
| 30 |
> exams. |
| 31 |
|
| 32 |
The bug is open since February (9 months). If you can't handle a bug |
| 33 |
in 9 months then maybe you should consider stepping down as a |
| 34 |
maintainer. Handling does not necessarily mean fixing. Masking could |
| 35 |
be an acceptable solution as well. The fact that nobody pays us does |
| 36 |
not mean that we can use that as an excuse for lower the QA barrier of |
| 37 |
portage tree. If only I got a $1 everytime I hear this "excuse"... |
| 38 |
|
| 39 |
> |
| 40 |
> 2) What exactly is it that you want me to do here? Upstream is |
| 41 |
> aware of the problem, and seems to be working on it as there are |
| 42 |
> comments about libpng15 in pngcrush.c. Hanno kindly stepped in and |
| 43 |
> made pngcrush use a bundled libpng14 (and at the same time bundled |
| 44 |
> zlib, which has now been fixed), which you promptly masked. I'm not |
| 45 |
> sure if the problem is bundled libs in general or specifically |
| 46 |
> zlib, but we *know* it's distasteful. It's not like that's a |
| 47 |
> preferred or permanent solution. Do you find that somehow more |
| 48 |
> distasteful than removing a piece of software from from portage |
| 49 |
> that's been in the tree since 2002? |
| 50 |
> |
| 51 |
|
| 52 |
First of all, pay some attention and ready the masking message. It |
| 53 |
says "Waiting for upstream to fix it". It says nothing about removal. |
| 54 |
Hanno did two commits |
| 55 |
1) use bundled zlib and libpng14. Doh this is not a fix. It is barely |
| 56 |
a workaround. What if a vulnerability is discovered in the bundled |
| 57 |
version of libpng in the next months? Will upstream fix it? Highly |
| 58 |
unlikely since they don't seem able to keep up with libpng releases. |
| 59 |
|
| 60 |
2) Next commit, unbundle zlib, use bundled libpng. Say problem as before. |
| 61 |
|
| 62 |
So until you or upstream or someone else comes up with a proper fix |
| 63 |
this will remain masked. If you still disagree feel free to talk to QA. |
| 64 |
|
| 65 |
Finally, yes I know that we have plenty of bundled libs around but |
| 66 |
this is not an excuse. Sometimes we cannot avoid that but in this case |
| 67 |
it makes perfect sense to mask it and proceed with libpng15 |
| 68 |
stabilization or whatever. Moreover pngcrush has no rdeps so no other |
| 69 |
packages affect by this change. We have the same problem with optipng |
| 70 |
but we can't mask it because there are reverse dependencies that will |
| 71 |
be affected. |
| 72 |
|
| 73 |
- -- |
| 74 |
Regards, |
| 75 |
Markos Chandras / Gentoo Linux Developer / Key ID: B4AFF2C2 |
| 76 |
-----BEGIN PGP SIGNATURE----- |
| 77 |
Version: GnuPG v2.0.18 (GNU/Linux) |
| 78 |
|
| 79 |
iQIcBAEBCgAGBQJOkPu7AAoJEPqDWhW0r/LC5OoP/iqw4tdzp/0blCmvKWqLXt9R |
| 80 |
DD1EwrBp0o/cvG7RtwMkezW+IDWkBhmQLwXLxSh2pYtSgBzKs6F9FmyI3xkRO6Ba |
| 81 |
1dKunJQaqvWDOrfXjvtZZ8FewovFbefxvekZeOh+6FSXXra3JG2sV0aM5JXuM5Xs |
| 82 |
fN5DiGNXwzQV8p3XnG2mNldGzwN+Q3w3uWHkAW/ogxC3R7hluieL7P+UVYF2arCJ |
| 83 |
v5JXFBoGmHrTvDh4jG10/vunCV0bhK+diXTLA+L4W3nqdcohvNeaulnSXc+v5Q0W |
| 84 |
NS1KPTMtWqbuucWU87z189PH2otCrRBC+YTt7Vr/h8lSMfTWQxYQP2bOIUceh8Ru |
| 85 |
SG12y6kfU+NPNZxIH5AeO+yeLapQyVDOQBXqbAW2R4+u3H9XNbFxi9aoKhthLBF5 |
| 86 |
akXcAO/SVji5reDtoMcvsBCgQeqO3eYjagyr8OfLA8Cfh0SqVRbZ9fx79RKSY0fz |
| 87 |
uROKXqcEqcD2o4egc0VXDYGtlPm1xZaTwZzLRG3ZKX5DB+p/Smi/fw4SaK9OY+Si |
| 88 |
3my9tTT/3jilhQupDytcRbkDV77yleyRy/1eQCxsm/nOoGLTsvXf7bjLS+sscdDU |
| 89 |
HUX9+uD2SQFnUxSPyK0axk4FkXXqPteTGKoSNSG5udIBkUg++K8dKHX0pd8Frq6W |
| 90 |
wkkFI+lm4pPABkES2Px+ |
| 91 |
=5dMm |
| 92 |
-----END PGP SIGNATURE----- |
Archives