PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.
http://www.frsirt.com/english/advisories/2005/2427
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338920
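The bug class described in the report above, shown as an added example that is not part of the original thread and is not code from MigrationTools: an unsafe temporary-file pattern next to two hardened forms, with a sandboxed regression check. The function names and the `migrate.*` file names are hypothetical.

```shell
#!/bin/sh
# Added illustration of the bug class; not code from MigrationTools.
# File names below are hypothetical.

# Unsafe: predictable name plus plain redirect, which follows a symlink
# that another local user created at that path beforehand.
write_unsafe() {    # $1 = directory, $2 = data
    tmp="$1/migrate.$$.ldif"
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively with owner-only permissions, so an existing link is never opened.
write_safe() {      # $1 = directory, $2 = data
    tmp=$(mktemp "$1/migrate.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Fallback without mktemp: noclobber (set -C) makes the redirect fail
# if anything, including a symlink, already exists at the path.
write_noclobber() { # $1 = path, $2 = data
    ( set -C; printf '%s\n' "$2" > "$1" ) 2>/dev/null
}

# Regression check in a private sandbox: returns 0 only if both hardened
# writers leave a file behind a pre-existing link untouched.
selfcheck() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/protected"
    ln -s "$box/protected" "$box/migrate.$$.ldif"
    rc=0
    out=$(write_safe "$box" data) || rc=1
    [ "$(cat "$out")" = data ] || rc=1
    write_noclobber "$box/migrate.$$.ldif" data && rc=1
    [ "$(cat "$box/protected")" = original ] || rc=1
    rm -rf "$box"
    return "$rc"
}
```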
robbat2, pls provide an updated ebuild. Btw, Debian has fixed this in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=338920
Robbat/Grant, please have a look at this
Robin? Grant? this bug has now been open for over one month without reaction
*** Bug 154481 has been marked as a duplicate of this bug. ***
It has been over a month(!) without any comment from maintainers now. If somebody has no time to extract patches or provide an ebuild, then at least leave a comment stating that.
my opinion is to dump the package anyway.
Dumping it would solve this problem as well. Could we get it masked until treecleaners come about to do their work? Comments?
masked in cvs now.
Time for GLSA decision. I vote NO.
Hm, I think it would be nice to let people know when we bestow security masking on a package.
frilled: it's masked for tree-cleaners, see bug 154988
Not sure why this is not in glsa? status.
I see migrationtools is scheduled for removal. So what's the alternative??? Should I put migrationtools in a portage overlay now?
$ emerge -p migrationtools
These are the packages that would be merged, in order:
Calculating dependencies
!!! All ebuilds that could satisfy "migrationtools" have been masked.
!!! One of the following masked packages is required to complete your request:
- net-nds/migrationtools-45 (masked by: package.mask, ~x86 keyword)
# Robin H. Johnson <robbat2@gentoo.org> (21 Nov 2006)
# bug #149660, scheduled for removal 2006-Dec-21.
- net-nds/migrationtools-44-r2 (masked by: package.mask)
- net-nds/migrationtools-44-r1 (masked by: package.mask)
- net-nds/migrationtools-46 (masked by: package.mask)
- net-nds/migrationtools-45-r1 (masked by: package.mask, ~x86 keyword)
Evert: migrationtools is the sort of application you use once, and don't need afterwards. If you do want to use it, just unpack it on your machine, edit the files to put the configuration stuff (that you need to do anyway with the ebuild), use the conversion scripts, and then delete them.
/me tends to vote no
I like the convenience of (de)installing *everything* using emerge :) And other than that, I think it's kinda lame to remove a package because of a security issue which is already fixed by other distros...
Evert: since one has to edit several of the migrationtools files to use them, emerge --unmerge wouldn't remove them anyway as the hashes recorded in /var/db/pkg/..../CONTENTS would have changed.
That's where you have a point ;-)
security pls vote
apprentice - no on GLSA
I also tend to vote no.
2+ NO votes -> no GLSA. I'll keep this one open until the package is completely removed.
Jokey reports the package has been removed, noglsa so RESOLVED FIXED. Thanks everyone.