1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA512 |
3 |
|
4 |
On 10/08/11 22:45, Matt Turner wrote: |
5 |
> On Sat, Oct 8, 2011 at 10:20 AM, Markos Chandras |
6 |
> <hwoarang@g.o> wrote: |
7 |
>> On 10/08/2011 02:19 PM, Matt Turner wrote: |
8 |
>>> On Sat, Oct 8, 2011 at 4:47 AM, Samuli Suominen |
9 |
>>> <ssuominen@g.o> wrote: |
10 |
>>>> # Samuli Suominen <ssuominen@g.o> (08 Oct 2011) # |
11 |
>>>> Fails to compile against system libpng15, bug 356127 # |
12 |
>>>> Removal in 14 days |
13 |
>>> |
14 |
>>> 14 days? |
15 |
>>> |
16 |
>>>> media-gfx/pngcrush |
17 |
>>> |
18 |
>> We can't really wait forever for slacking maintainers to fix |
19 |
>> their packages. amd64 is almost ready to have libpng-1.5 stable |
20 |
>> in the very near future |
21 |
> |
22 |
> Two things: |
23 |
> |
24 |
> 1) I'm *really* tired of the usage of the word "slacking" on this |
25 |
> mailing list. If you or someone else wants to pay me to work on |
26 |
> Gentoo, *then* you can tell me that I'm slacking. Otherwise, I'm a |
27 |
> volunteer working on things that interest me in my free time. I |
28 |
> truly do have more important things to do than to figure out how to |
29 |
> port pngcrush to libpng1.5. Namely, graduate school and midterm |
30 |
> exams. |
31 |
|
32 |
The bug is open since February (9 months). If you can't handle a bug |
33 |
in 9 months then maybe you should consider stepping down as a |
34 |
maintainer. Handling does not necessarily mean fixing. Masking could |
35 |
be an acceptable solution as well. The fact that nobody pays us does |
36 |
not mean that we can use that as an excuse for lower the QA barrier of |
37 |
portage tree. If only I got a $1 everytime I hear this "excuse"... |
38 |
|
39 |
> |
40 |
> 2) What exactly is it that you want me to do here? Upstream is |
41 |
> aware of the problem, and seems to be working on it as there are |
42 |
> comments about libpng15 in pngcrush.c. Hanno kindly stepped in and |
43 |
> made pngcrush use a bundled libpng14 (and at the same time bundled |
44 |
> zlib, which has now been fixed), which you promptly masked. I'm not |
45 |
> sure if the problem is bundled libs in general or specifically |
46 |
> zlib, but we *know* it's distasteful. It's not like that's a |
47 |
> preferred or permanent solution. Do you find that somehow more |
48 |
> distasteful than removing a piece of software from from portage |
49 |
> that's been in the tree since 2002? |
50 |
> |
51 |
|
52 |
First of all, pay some attention and ready the masking message. It |
53 |
says "Waiting for upstream to fix it". It says nothing about removal. |
54 |
Hanno did two commits |
55 |
1) use bundled zlib and libpng14. Doh this is not a fix. It is barely |
56 |
a workaround. What if a vulnerability is discovered in the bundled |
57 |
version of libpng in the next months? Will upstream fix it? Highly |
58 |
unlikely since they don't seem able to keep up with libpng releases. |
59 |
|
60 |
2) Next commit, unbundle zlib, use bundled libpng. Say problem as before. |
61 |
|
62 |
So until you or upstream or someone else comes up with a proper fix |
63 |
this will remain masked. If you still disagree feel free to talk to QA. |
64 |
|
65 |
Finally, yes I know that we have plenty of bundled libs around but |
66 |
this is not an excuse. Sometimes we cannot avoid that but in this case |
67 |
it makes perfect sense to mask it and proceed with libpng15 |
68 |
stabilization or whatever. Moreover pngcrush has no rdeps so no other |
69 |
packages affect by this change. We have the same problem with optipng |
70 |
but we can't mask it because there are reverse dependencies that will |
71 |
be affected. |
72 |
|
73 |
- -- |
74 |
Regards, |
75 |
Markos Chandras / Gentoo Linux Developer / Key ID: B4AFF2C2 |
76 |
-----BEGIN PGP SIGNATURE----- |
77 |
Version: GnuPG v2.0.18 (GNU/Linux) |
78 |
|
79 |
iQIcBAEBCgAGBQJOkPu7AAoJEPqDWhW0r/LC5OoP/iqw4tdzp/0blCmvKWqLXt9R |
80 |
DD1EwrBp0o/cvG7RtwMkezW+IDWkBhmQLwXLxSh2pYtSgBzKs6F9FmyI3xkRO6Ba |
81 |
1dKunJQaqvWDOrfXjvtZZ8FewovFbefxvekZeOh+6FSXXra3JG2sV0aM5JXuM5Xs |
82 |
fN5DiGNXwzQV8p3XnG2mNldGzwN+Q3w3uWHkAW/ogxC3R7hluieL7P+UVYF2arCJ |
83 |
v5JXFBoGmHrTvDh4jG10/vunCV0bhK+diXTLA+L4W3nqdcohvNeaulnSXc+v5Q0W |
84 |
NS1KPTMtWqbuucWU87z189PH2otCrRBC+YTt7Vr/h8lSMfTWQxYQP2bOIUceh8Ru |
85 |
SG12y6kfU+NPNZxIH5AeO+yeLapQyVDOQBXqbAW2R4+u3H9XNbFxi9aoKhthLBF5 |
86 |
akXcAO/SVji5reDtoMcvsBCgQeqO3eYjagyr8OfLA8Cfh0SqVRbZ9fx79RKSY0fz |
87 |
uROKXqcEqcD2o4egc0VXDYGtlPm1xZaTwZzLRG3ZKX5DB+p/Smi/fw4SaK9OY+Si |
88 |
3my9tTT/3jilhQupDytcRbkDV77yleyRy/1eQCxsm/nOoGLTsvXf7bjLS+sscdDU |
89 |
HUX9+uD2SQFnUxSPyK0axk4FkXXqPteTGKoSNSG5udIBkUg++K8dKHX0pd8Frq6W |
90 |
wkkFI+lm4pPABkES2Px+ |
91 |
=5dMm |
92 |
-----END PGP SIGNATURE----- |