<steve.langasek@ubuntu.com> wrote:
>
> On Fri, Feb 11, 2022 at 01:43:31PM -0300, Andreas Hasenack wrote:
> > On Fri, Feb 11, 2022 at 1:33 PM Steve Langasek
> > <steve.langasek@ubuntu.com> wrote:
>
> > > On Fri, Feb 11, 2022 at 11:35:07AM -0300, Andreas Hasenack wrote:
> > > > Hi, I have a question for the MIR (Main Inclusion Request) team members,
>
> > > > New version of nfs-utils upstream (src:nfs-utils in main) pulled[1] in
> > > > code (regex.c file) from another upstream project[2], for which we
> > > > have a package in universe: src:libnfsidmap-regex
>
> > > > Would this require another MIR review? I mean, in general, once a
> > > > package is in main, we don't apply the MIR guidelines to it anymore,
> > > > and they can usually change the code as the project sees fit.
> > > > It just so happens this time we have this exact scenario where the
> > > > code that was pulled already exists and is the sole purpose of
> > > > another, universe, package.
>
> > > > My options are basically:
> > > > a) have src:nfs-utils build bin:libnfsidmap-regex and remove
> > > > src:libnfsidmap-regex from the archive
> > > > b) build src:nfs-utils without producing bin:libnfsidmap-regex, and
> > > > keep building src:libnfsidmap-regex from universe as usual
>
> > > > Option (b) will incurr in delta with debian. I believe[3] Debian will
> > > > eventually remove/obsolete src:libnfsidmap-regex
>
> > > > 1. http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=940caffdfb9953a2ccfecec81664e4a179753461
> > > > 2. https://github.com/isginf/libnfsidmap-regex
> > > > 3. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925022#20
>
> > > I think you should submit it for an additional MIR review if and only if
> > > there is reason to consider the new library security-sensitive. (If it's a
> > > library that will be used by one of the NFS daemons, that's a good reason to
> > > think it's security-sensitive.)
>
> > Yeah, it's an libnfsidmap plugin that applies regular expressions to
> > NFSv4 usernames and group names that come over the wire in the form
> > user@DOMAIN and group@DOMAIN.
>
> > What if I keep bin:libnfsidmap-regex, built from the new
> > src:nfs-utils, in universe? With a remark in d/control that it should
> > not be promoted to main without a specific new MIR?
>
> I think that's also acceptable.
Indeed, if you have no dependency pulling it into main the binary can
live in universe as it did before, just now built from another source.
> --
> Steve Langasek Give me a lever long enough and a Free OS
> Debian Developer to set it on, and I can move the world.
> Ubuntu Developer https://www.debian.org/
> slangasek@ubuntu.com vorlon@debian.org
> --
> ubuntu-devel mailing list
> ubuntu-devel@lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
