Ubuntu
electrum package

Please replace electrum with 'dummy' package in the repositories for Trusty, Vivid

  1. Vivid (15.04)
  2. Bug #1499094
Bug #1499094 reported by Thomas Ward
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
electrum (Ubuntu)
Fix Released
Medium
Unassigned
Trusty
Incomplete
Medium
Thomas Ward
Vivid
Incomplete
Medium
Thomas Ward

Bug Description

Related:
https://bugs.launchpad.net/ubuntu/+source/electrum/+bug/1481033

Request:
Please apply a retroactive SRU that will replace the Electrum binaries and such with 'dummy' packages. A related removal/blacklist request is linked above, and may be used as the supporting arguments for this request, as well as the prior precedent set by the Bitcoin source package blacklisting and retroactive 'dummyfication'.

Precedent:
There is prior precedent existing for such a retroactive 'nullification' of the package by replacing it with a dummy package within the 'bitcoin' source package. Refer to https://bugs.launchpad.net/ubuntu/+source/bitcoin/+bug/1260602 for that precedent. Similar precedent exists here, as future hard-forks in Bitcoin blockchains may, and very likely always will, make 'older' Electrum releases break.

Implied Breakages with this SRU:
* The 'electrum' binary installed by the binaries from the repository *will no longer work* on systems when this SRU goes out.
* The 'python-electrum' binary installed by the binaries from the repository *will no longer work* on systems when this SRU goes out.

Alternatives to the Ubuntu Repositories:
* Upstream provides installation via either compiling from source tarballs from upstream, or via 'python pip'. This will, of course, keep the package updated when individuals use 'pip' in accordance with Upstream recommendations and guidelines for the installation and/or compiling of the program.

Mathew Hodson (mhodson)
Changed in electrum (Ubuntu):
importance: Undecided → Medium
status: New → Fix Released
tags: added: patch
tags: added: vivid
removed: precise
Revision history for this message
Thomas Ward (teward) wrote :

Has this actually been done? I see no uploads that back up this being 'completed'.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Indeed, it doesn't look to be done at all; however the change isn't necessarily wrong, since the electrum package indeed isn't in xenial or wily.

Mathew Hodson (mhodson)
Changed in electrum (Ubuntu Trusty):
importance: Undecided → Medium
Changed in electrum (Ubuntu Vivid):
importance: Undecided → Medium
Revision history for this message
Thomas Ward (teward) wrote :

Mathew Hodson: Do not mark this bug or the related bug as a duplicate of each other, they have different sponsoring/review/handling procedures. Adam Conrad (infinity, on IRC) unduped these after he and I discussed this on IRC, and they're being handled separately and differently.

Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

Hey Thomas! Thanks for working on this and fixing those security issues.

I can't build any of your package though. Are you sure you really tested the package with your debdiff applied? I tested the vivid package.
First thing I spotted is that you python-electrum.install can't work:
+debian/bin/python-electrum /usr/bin

where the binary you want to install is debian/python-electrum, so building the package will fail.

Secondly, you are installing this binary both in python-electrum and electrum package. I guess you didn't try to install both packages on your system as dpkg will fail due to same filename being installed in different package (and so, you are going to create upgrade issues). Please only ship it in the electrum package

However, even with those changes, there is still some build failure error in dh_install due to creating debian/python-electrum directory.

So, in a nutshell, please test your patches by building with them and installing them. ;) I'm changing the status (fix released for wily/xenial due to package removal). I'm changing the trusty and vivid status to incomplete, please revert them to New once you propose new working patches.

On a final note, let's try to keep the diff minimal. Keep the old debian/control.in dependencies, just change the descriptions.

Thanks!

Changed in electrum (Ubuntu Trusty):
status: New → Incomplete
Changed in electrum (Ubuntu Vivid):
status: New → Incomplete
Revision history for this message
Didier Roche-Tolomelli (didrocks) wrote :

Also, please resubscribe the sponsor team once ready.

Revision history for this message
Thomas Ward (teward) wrote :

I had tested them and test built them in sbuild without issues. There may be patch issues remaining, and I'll poke at that later. (server package tasks currently take priority, as well as legal things outside my volunteering to Ubuntu).

Changed in electrum (Ubuntu Trusty):
assignee: nobody → Thomas Ward (teward)
Changed in electrum (Ubuntu Vivid):
assignee: nobody → Thomas Ward (teward)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.