Debian Bug report logs - #752085
[php5] Please disambiguate references to issue reports in changelog

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Filipus Klutiero <chealer@gmail.com>

To: submit@bugs.debian.org

Subject: [php5] Please disambiguate references to issue reports in changelog

Date: Thu, 19 Jun 2014 09:59:01 -0400

Package: php5
Version: 5.6.0~beta4+dfsg-4
Severity: wishlist

5.6.0~beta4+dfsg-4's changelog reads:
>     * Fixed regression introduced by patch for bug #67072
>     * Fix regression introduce in fix for bug #67118

Please specify the issue tracking system hosting referenced reports when that ITS is not ours. In this case, these are in the ITS of PHP/upstream. Other changelog entries have such ambiguities, but I'm not asking for a cleanup of old versions.

By the way, "introduce" should read "introduced".

By the way 2, these entries redefine the changelog. You could say "Fix 2 unspecified recent regressions" rather than bothering with such vague pseudo-entries.

-- 
Filipus Klutiero
http://www.philippecloutier.com

Message #10 received at 752085-done@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@sury.org>

To: Filipus Klutiero <chealer@gmail.com>, 752086-done@bugs.debian.org, 752085-done@bugs.debian.org

Subject: Re: [php-maint] Bug#752086: [php5] Please do not request users to read UPGRADING in NEWS.Debian

Date: Thu, 19 Jun 2014 16:44:57 +0200

[Message part 1 (text/plain, inline)]

Version: 5.6.0~beta4+dfsg-5
# or some other future version...

For god sake, could you send a patch with proposed changes next time
instead of filling bug reports for such minor stuff?



O.



On Thu, Jun 19, 2014, at 16:10, Filipus Klutiero wrote:

Package: php5

Version: 5.6.0~beta4+dfsg-4

Severity: wishlist



The 5.6.0~beta4+dfsg-2 changelog entry reads:

  * Please read full upgrade notes available from

    /usr/share/doc/php5-common/UPGRADING

  * Here are the backwards incompatible changes as listed by upstream:



    - Core:

      By fixing bug #66015 it is no longer possible to overwrite keys
in static scalar

      arrays. Quick example to illustrate:

      class Test {

           const FIRST = 1;

           public $array = array(

               self::FIRST => 'first',

               'second',

               'third'

           );

      }

      Test::$array will have as expected three array keys (1, 2, 3) and
no longer

      two (0, 1). self::FIRST will no longer overwrite 'third' having
key 1 then,

      but will mark the beginning of indexing.



    - JSON:

      json_decode() no longer accepts non-lowercase variants of lone
JSON true,

      false or null values. For example, True or FALSE will now cause
json_decode to

      return NULL and set an error value you can fetch with
json_last_error().

      This affects JSON texts consisting solely of true, false or null.
Text

      containing non-lowercase values inside JSON arrays or objects has
never been

      accepted.



    - OpenSSL:

      To prevent man-in-the-middle attacks against encrypted transfers
client

      streams now verify peer certificates by default. Previous
versions

      required users to manually enable peer verification. As a result
of this

      change, existing code using ssl:// or tls:// stream wrappers
(e.g.

      file_get_contents(), fsockopen(), stream_socket_client()) may no
longer

      connect successfully without manually disabling peer verification
via the

      stream context's "verify_peer" setting. Encrypted transfers
delegate to

      operating system certificate stores by default if not overridden
via the

      new openssl.cafile and openssl.cafile ini directives or via
call-time SSL

      context options, so most users should be unaffected by this
transparent

      security enhancement.
([1]https://wiki.php.net/rfc/tls-peer-verification)



    - Mcrypt:

      The mcrypt_encrypt(), mcrypt_decrypt() and mcrypt_{MODE}()
functions no

      longer accept keys or IVs with incorrect sizes. Furthermore an IV
is now

      required if the used block cipher mode requires it.



We shouldn't request users to read the full upgrade notes for 2
reasons:

 1. We have nothing to gain from users reading that. We should simply
    inform them for their own good.
 2. Even users usually don't need to read the full upgrade notes. Only
    a minority of developers want to read the full upgrade notes. Even
    the backwards-incompatible changes don't need to be read on many
    systems which only use packaged PHP scripts.



Note that there is no /usr/share/doc/php5-common/UPGRADING

UPGRADING is gzipped.

--
Filipus Klutiero
[2]http://www.philippecloutier.com

_______________________________________________

pkg-php-maint mailing list

[3]pkg-php-maint@lists.alioth.debian.org

[4]http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-main
t



--
Ondřej Surý <[5]ondrej@sury.org>
Knot DNS ([6]https://www.knot-dns.cz/) – a high-performance DNS server

References

1. https://wiki.php.net/rfc/tls-peer-verification
2. http://www.philippecloutier.com/
3. mailto:pkg-php-maint@lists.alioth.debian.org
4. http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
5. mailto:ondrej@sury.org
6. https://www.knot-dns.cz/

[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.