Debian Bug report logs - #432765
ingimp: Cannot be included in Lenny

version graph

Package: ingimp; Maintainer for ingimp is (unknown);

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 11 Jul 2007 20:39:01 UTC

Severity: serious

Fixed in version 2.4.7.20080901-1+rm

Done: Martin Michlmayr <tbm@cyrius.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Francois Marier <francois@debian.org>:
Bug#432765; Package ingimp. (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Francois Marier <francois@debian.org>. (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ingimp: Cannot be included in Lenny
Date: Wed, 11 Jul 2007 22:36:38 +0200
Package: ingimp
Severity: serious

This package includes a whole copy of Gimp, which regularly
has vulnerabilities, it cannot be included in Lenny as is.

Cheers,
        Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#432765; Package ingimp. (full text, mbox, link).

Acknowledgement sent to Francois Marier <francois@debian.org>:
Extra info received and forwarded to list. (full text, mbox, link).

Message #10 received at 432765@bugs.debian.org (full text, mbox, reply):

From: Francois Marier <francois@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 432765@bugs.debian.org
Subject: Re: Bug#432765: ingimp: Cannot be included in Lenny
Date: Thu, 12 Jul 2007 09:00:33 +1200
Hi Moritz,

> This package includes a whole copy of Gimp

You are right: the source package includes a copy of GIMP and the binary
packages include the GIMP binary (but not anything else).

> which regularly has vulnerabilities,

The idea is to make it depend on the latest version of the GIMP and update
it whenever a new version of GIMP comes out.  So it will be updated whenever
a new security fix for GIMP is released.  In fact, with the last release of
ingimp that I made yesterday, I set the dependency to be:

  gimp (>= 2.2.16), gimp (<< 2.2.17)

to force the versions to match exactly.

> it cannot be included in Lenny as is.

Could you explain a bit more why you think that way?  As long as ingimp
keeps up with GIMP releases, I fail to see how it should be treated any
differently.

Cheers,

Francois

Information forwarded to debian-bugs-dist@lists.debian.org, Francois Marier <francois@debian.org>:
Bug#432765; Package ingimp. (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Francois Marier <francois@debian.org>. (full text, mbox, link).

Message #15 received at 432765@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Francois Marier <francois@debian.org>
Cc: 432765@bugs.debian.org, jmm@inutil.org
Subject: Re: Bug#432765: ingimp: Cannot be included in Lenny
Date: Thu, 12 Jul 2007 19:35:07 +0200
Francois Marier wrote:
> So it will be updated whenever a new security fix for GIMP is released.

(..) 

> Could you explain a bit more why you think that way?  As long as ingimp
> keeps up with GIMP releases, I fail to see how it should be treated any
> differently.

We would need to roll out all Gimp security updates twice once it's included
in the stable Lenny release. It's alright to research user interaction
in unstable, but it's doesn't appear to be justified for stable. Or you
could integrate it into the regular gimp package, so that they're build
from the same source package.

Cheers,
        Moritz

Reply sent to Martin Michlmayr <tbm@cyrius.com>:
You have taken responsibility. (Thu, 11 Feb 2010 23:54:14 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 11 Feb 2010 23:54:14 GMT) (full text, mbox, link).

Message #20 received at 432765-done@bugs.debian.org (full text, mbox, reply):

From: Martin Michlmayr <tbm@cyrius.com>
To: 432765-done@bugs.debian.org, 561329-done@bugs.debian.org
Subject: Removed
Date: Thu, 11 Feb 2010 23:51:18 +0000
Version: 2.4.7.20080901-1+rm

ingimp was removed from the archive.
-- 
Martin Michlmayr
http://www.cyrius.com/

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 12 Mar 2010 07:38:22 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jan 11 23:51:42 2018; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.