Re: List of long term FTBFS packages to be retired in 1 week

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 26, 2024 at 3:52 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
>
> On 26. 07. 24 14:23, Andrea Bolognani wrote:
> > On Fri, Jul 26, 2024 at 03:13:27PM GMT, David Abdurachmanov wrote:
> >> On Tue, Jul 23, 2024 at 5:30 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
> >>>
> >>> Dear maintainers.
> >>>
> >>> Based on the current fail to build from source policy, the following packages
> >>> should be retired from Fedora 41 approximately one week before branching.
> >>
> >> Hi Miro,
> >>
> >> I suggest including the following two packages:
> >> - InsightToolkit
> >> - gimp-separate+
> >>
> >> These packages failed in mass rebuilds (F40 and F41). These continue
> >> to depend on old libtiff (with CVEs).
> >>
> >> Looking at gimp-separate+ the domain in URL: field is no longer valid.
> >> We are using source code from 2010 (final release). There was an
> >> attempt for a minor (patch level) release in 2016. They did some alpha
> >> tarballs, but I don't see any release. It seems to be dead for a
> >> decade or so.
> >>
> >> InsightToolkit seems to fail compiling VTK bits. We could probably
> >> disable the VTK sub-package for now.
> >>
> >> Then finally stop libtiff incl. old libtiff binaries with CVEs.
> >
> > For completeness' sake, this is the bug that has been filed a while
> > ago against libtiff to highlight the problematic situation David is
> > referring to:
> >
> >    https://bugzilla.redhat.com/show_bug.cgi?id=2292047
> >
> > If the packages that still need libtiff.so.5 were to be retired,
> > addressing it would become trivial.
>
> Hey folks. I cannot retire them while handling the policy, because they were
> built in Fedora 39 which is not yet EOL.
>
> You can follow steps 1-5 from
> https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/#_package_removal_for_long_standing_ftbfs_and_fti_bugs
> instead.

I am a bit surprised here.

gimp-separate+ got FTBFS ticket [0] on 2024-01-29 and there has been
no response from the maintainer. The rules allow you to nuke the
package in 14 (or less) weeks in a specific situation instead of
waiting for 13 months. I assume there is no "concerned party" to
follow up on FTBFS tickets to get these packages orphaned, and removed
more promptly?

[0] https://bugzilla.redhat.com/show_bug.cgi?id=2261154
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux