[Bug 1128979] perl-Plack: trailing slashes removed leading to source code disclosure [fedora-all]

bugzilla at redhat.com bugzilla at redhat.com
Tue Aug 12 14:10:59 UTC 2014 

https://bugzilla.redhat.com/show_bug.cgi?id=1128979



--- Comment #5 from Ralf Corsepius <rc040203 at freenet.de> ---
(In reply to Eric Christensen from comment #4)
> (In reply to Ralf Corsepius from comment #2)
> > Oh boy, yet more bureaucracy!
> 
> I'm not sure what bureacuracy you are speaking of as this has been standard
> procedure for years.

Right - And I have been repeatedly complaining about this bureaucracy for
years. Unfortunately nothing has improved. Openly said, I feel Fedora's
bureaucracy is ballooning and has never been bigger.

> > Folks, Plack-1.0031 already is in f22 and rawhide, but I could not update
> > f19 and f20 because perl-File-ShareDir-Install in f20 and f19 is too old
> > (not worth mentioning epel7, which IMO is unmaintainable).
> 
> So you need the below mentioned updates for your Plack update?
Exactly. 

Like many other perl modules, Plack has a long dependency chain, which needs to
be kept quite close to "current", otherwise quick responses to bugs aren't
possible. This time, perl-File-ShareDir in fc19 and fc20 weren't new enough.

>  It looks
> like they were just recently pushed to testing to testing and adding karma
> will be the way to get them out the door sooner.
*I* submitted them a couple of days ago and they are in Fedora's (7 day)
release _delay_ queue.

[BTW: In recent times, the 7 days quite often prove to be 10-14 days.
e.g.
https://admin.fedoraproject.org/updates/FEDORA-2014-9066/perl-Mail-GnuPG-0.20-1.fc20]

> > So, instead of molesting maintainers with bureaucratic forms, better help
> > out pushing these package builts, ASAP, such that perl-Plack-1.0031 can be
> > submitted:
> 
> There is no molestation occurring here.
C'mon, stop cheating.

No-molestation would equal to no additional effort and to complete ignore you.
Distribution-wise, would not change anything.

Do you want me to do this or are you insisting on me reading your mails,
closing the BZ and fill your the form?

Do you notice something? No molestation is different.

>  If these packages are needed for
> your update then by all means test them against your package and provide
> karma.  It's what we packagers do.
Another self-cheat. Just have a look at how many updates I have pushed (I guess
1000s). Hardly any of them has received karma. This karma-stuff is
non-functional non-sense.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LMhYeNq8za&a=cc_unsubscribe

More information about the perl-devel mailing list