USN-186-1 (mozilla, mozilla-firefox) updates broken on Hoary
john.dong at gmail.com
Mon Sep 26 05:12:19 CDT 2005
On 9/26/05, Martin Pitt <martin.pitt at ubuntu.com> wrote:
> hi John!
> John Dong [2005-09-25 10:50 -0400]:
> > Yeah, I've been looking at this issue. The transition was done around
> > 1.0.2-1.0.5, when Ubuntu didn't release any updates for several security
> > vulnerabilities in Firefox.
> Right, it took a while, backporting was a mess...
> > As a result, Backports team just pulled the
> > latest Breezy package (which has undergone mozilla-firefox->firefox
> > transitions), and had to re-create the mozilla-firefox transitional
> > because devhelper depended on a specific version of mozilla-firefox that
> > just a virtual Provides: line could not satisfy. We certainly didn't
> > package just because we felt like it :).
> I wasn't saying that, I'm aware of the naming mess. I'm aware of the
> fact that you did not deliberately break it :-), but it's broken now,
> and we should find a solution tot it. In Hoary it is called m-f, and
> we can't rename a security update just because backports renamed it.
> > With 1.0.7, Breezy has gone too far away from Hoary, and libcairo
> > no longer work when compiling Breezy 1.0.7 on Hoary. So, our options
> > 1) Just use the aptitude process you described
> ... with a proper transition package this would probably be the
> cleanest solution. With 1.0.7 being in hoary-security I don't see any
> need to backport the Breezy version to Hoary.
> > 4) Get hoary-security packages to properly override hoary-backports
> > Backports-style firefox packages are identical to what Breezy has, so
> > upgrade to Breezy has been confirmed time and time again to be working
> > properly.
> No, because hoary's ubuntu-desktop depends on m-f, not f, and there is
> no m-f transitional package, so it is not the same.
> > It's the hoary-security packages that have introduced the weird
> > unthinkable case.
> It didn't. A hoary->hoary-security->breezy upgrade works exactly like
> it is supposed to. The security update did not introduce any naming
> change and the like.
> > I personally perfer 4. A few Conflicts: lines would fix everything.
> Negative. A package will not be removed just because another package
> conflicts to it. You need a proper transition package (an empty
> package "firefox" that depends on m-f). Also, adding a conflict could
> break the hoary->breezy upgrade easily.
> John, creating a transition package is easy; I can help you to do it,
> if you want (Breezy's m-f package is a good example, it does the
> transition the other way round). James, would you accept that into
> hoary-backports? If we cannot upload packages directly into h-b, then
> the only solution seems to be a manual cleanup... :-(
Sure, I'd love for you guys to help us make a transition package.
Thanks and have a nice day!
> Martin Pitt http://www.piware.de
> Ubuntu Developer http://www.ubuntulinux.org
> Debian Developer http://www.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> -----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-backports