Ubuntu as a server

[Mike Bird]

On Sat, 2006-01-28 at 05:52, Shot (Piotr Szotkowski) wrote:
> Mike Bird:
> 
> > On Fri, 2006-01-27 at 03:33, Shot (Piotr Szotkowski) wrote:
> 
> >> Well, it depends, really. Trac, a valid universe package choice
> >> for servers, has open security bug(s) for almost two months now:
> >> https://launchpad.net/distros/ubuntu/+source/trac/+bug/5297
> 
> > Just pin Trac to Dapper.
> 
> That’s not a good idea for the following reasons:
> 
> 1. trac is an *ubuntu*-versioned package,
>    so is not auto-synced with Debian.

How does that relate to the issue of a Dapper pin?

> 2. Dapper is past UVF, so it won’t see any unsupervised updates anyway.

Dapper Trac already has the security fixes that the OP needs.

> 3. From what I undestood from previous ubuntu-devel discussions, it’s
>    generally better to rebuild packages for Breezy than to take Dapper’s
>    binary packages, even if their dependencies are fulfillable in
>    Breezy (the same applies to taking binary packages from sid).

Trac is written in Python.  No binaries.  Also I thoroughly
tested Dapper Trac in Breezy before recommending it.  How much
testing did you do before posting to this list where your "not
a good idea" post will be misleading people for eternity?

> Given that rebuilding a package is usually as easy as downloading
> the orig, diff and dsc fies, doing `dpkg-source -x *.dsc` followed
> by `fakeroot dpkg-buildpackage` (split by a `dch` step for those
> who like to have packages versioned properly), I’d rather stick to
> rebuilding either Dapper or sid packages.

You forgot the tricky part - pinning to Dapper or using something
like FTP so you get the correct (Dapper) source to build.

Please upload it to backports and let us know when you're done.

--Mike Bird