Warty final todo list
mdz at canonical.com
Wed Oct 13 16:42:25 CDT 2004
With the release candidate safely out the door, we have a few remaining
critical fixes to make for the final release. Here's the current todo list
apache2 security: CAN-2004-0885 (Thom)
tiff security: https://bugzilla.ubuntu.com/show_bug.cgi?id=2344 (Fabio)
gzip https://bugzilla.ubuntu.com/1854 (Me)
portmap https://bugzilla.ubuntu.com/505 (Fabio)
hal Need to revert a change with unwanted side effects (Martin Pitt)
initrd-tools https://bugzilla.ubuntu.com/show_bug.cgi?id=2341 (Thom)
gzip and portmap have patches in Bugzilla, and packages here (source, amd64,
powerpc and i386):
deb http://people.ubuntu.com/~mdz/warty-rc-fixes/$(ARCH) /
deb-src http://people.ubuntu.com/~mdz/warty-rc-fixes/source /
Please give them as much testing as you can.
The only code affected in gzip is the handling of signals, which happens to
be something which happens a lot when installing packages with apt and dpkg.
It would be ideal if someone could perform some large system upgrades using
this gzip. This bug is important to fix because it can break various
packaging operations on multiprocessor machines, including our own server
portmap needs to be changed to listen only on the loopback interface by
default, in order to comply with the security policy. It does NOT, as
previously thought, reject connections by default unless enabled in
hosts.allow. See notes in Bugzilla.
tiff and apache2 will be updated using security patches prepared by the
upstream maintainers, but they deserve extra testing as well before they go
into the archive.
Martin has a fixed package in hand for hal, which should be quite safe, as
it is merely reverting an earlier change to fix a regression in a
last-minute update and bring the package closer to a known-good state.
In initrd-tools, it has been proposed that we should reverse the order of
loading the fan and thermal modules, as this avoids severe problems
(overheating) on some HP laptops. This should be relatively low-risk; since
debian-installer has always used the opposite order, so this configuration
has already received significant testing.
Also, Fabio has proposed One Last XFree86 Update(tm) to fix a few bugs. I
have serious reservations about this, but there is room for discussion.
Fabio, please publish the diff so that we have context for it.
All in all, I think that Warty remains on schedule and on target, and the
release candidate is of excellent quality. We have only a short distance
left to cover. Thanks as always to the Ubuntu development team for their
release efforts, and to the community for their strong support.
More information about the ubuntu-devel