USN-186-1 (mozilla, mozilla-firefox) updates broken on Hoary

Mon Sep 26 05:12:19 CDT 2005

On 9/26/05, Martin Pitt <martin.pitt at ubuntu.com> wrote:
>
> hi John!
>
> John Dong [2005-09-25 10:50 -0400]:
> > Yeah, I've been looking at this issue. The transition was done around
> > 1.0.2-1.0.5, when Ubuntu didn't release any updates for several security
> > vulnerabilities in Firefox.
>
> Right, it took a while, backporting was a mess...
>
> > As a result, Backports team just pulled the
> > latest Breezy package (which has undergone mozilla-firefox->firefox
> > transitions), and had to re-create the mozilla-firefox transitional
> package
> > because devhelper depended on a specific version of mozilla-firefox that
> > just a virtual Provides: line could not satisfy. We certainly didn't
> rename
> > package just because we felt like it :).
>
> I wasn't saying that, I'm aware of the naming mess. I'm aware of the
> fact that you did not deliberately break it :-), but it's broken now,
> and we should find a solution tot it. In Hoary it is called m-f, and
> we can't rename a security update just because backports renamed it.
>
> > With 1.0.7, Breezy has gone too far away from Hoary, and libcairo
> bindings
> > no longer work when compiling Breezy 1.0.7 on Hoary. So, our options
> are:
>
> > 1) Just use the aptitude process you described
>
> ... with a proper transition package this would probably be the
> cleanest solution. With 1.0.7 being in hoary-security I don't see any
> need to backport the Breezy version to Hoary.
>
> > 4) Get hoary-security packages to properly override hoary-backports
> > Backports-style firefox packages are identical to what Breezy has, so
> the
> > upgrade to Breezy has been confirmed time and time again to be working
> > properly.
>
> No, because hoary's ubuntu-desktop depends on m-f, not f, and there is
> no m-f transitional package, so it is not the same.
>
> > It's the hoary-security packages that have introduced the weird
> > unthinkable case.
>
> It didn't. A hoary->hoary-security->breezy upgrade works exactly like
> it is supposed to. The security update did not introduce any naming
> change and the like.
>
> > I personally perfer 4. A few Conflicts: lines would fix everything.
>
> Negative. A package will not be removed just because another package
> conflicts to it. You need a proper transition package (an empty
> package "firefox" that depends on m-f). Also, adding a conflict could
> break the hoary->breezy upgrade easily.
>
> John, creating a transition package is easy; I can help you to do it,
> if you want (Breezy's m-f package is a good example, it does the
> transition the other way round). James, would you accept that into
> hoary-backports? If we cannot upload packages directly into h-b, then
> the only solution seems to be a manual cleanup... :-(

Sure, I'd love for you guys to help us make a transition package.

Thanks and have a nice day!
>
> Martin
> --
> Martin Pitt http://www.piware.de
> Ubuntu Developer http://www.ubuntulinux.org
> Debian Developer http://www.debian.org
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
>
> iD8DBQFDN4g0DecnbV4Fd/IRArGGAJ9rX+FXdYrPRrE1vWShiak6X9wM4QCgpASA
> USw7Sxq7f98hE7/rle1bKXk=
> =EB3J
> -----END PGP SIGNATURE-----
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ubuntu.com/archives/ubuntu-backports/attachments/20050926/6e54ee57/attachment.htm