Spurious collision(?) when GNOME packages generate uploaders line

Bug #779420 reported by James Westby
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Distributed Development | New | Undecided | Unassigned |

Bug Description

Hi,

Take a look at

https://code.launchpad.net/~ubuntu-branches/ubuntu/oneiric/gnome-pkg-tools/oneiric-201105060911/+merge/60156

which shows a collision due to the way that GNOME packages are built.

When you build the source package they generate debian/control from debian.control.in, in this case generating
the Uploaders line.

This isn't committed to bzr, and so we see a difference between the uploaded package and the one in bzr. They
would generate equivalent source packages though.

We could ignore this particular change when checking for collisions, but it does point to a
more fundamental problem with the current approach to collision checking.

Thanks,

James
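
Added example, not part of the original bug report or the importer's own code: one way to ignore the generated Uploaders field when comparing debian/control from the uploaded package against the branch, by parsing both files statically so that nothing from the package is executed. The function names, the `GENERATED_FIELDS` set and the sample control files are assumptions constructed for illustration.

```python
GENERATED_FIELDS = {"uploaders"}  # assumption: the only field regenerated at build time

def parse_control(text):
    """Parse deb822 text into a list of stanzas: dicts of lowercased field -> value."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():                 # blank line closes the stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line.startswith("#"):           # comment line
            continue
        elif line[0] in " \t":               # continuation of the previous field
            if last is None:
                raise ValueError("continuation without a field: %r" % line)
            current[last] += "\n" + line.strip()
        else:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("malformed line: %r" % line)
            last = name.strip().lower()
            current[last] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def control_differences(uploaded, branch, ignore=GENERATED_FIELDS):
    """Return (stanza index, field) pairs that differ between the two files.

    Fields in `ignore` are skipped in the source stanza (index 0) only, so the
    same field name appearing in a binary stanza is still reported.
    """
    a, b = parse_control(uploaded), parse_control(branch)
    diffs = []
    for i in range(max(len(a), len(b))):
        sa = a[i] if i < len(a) else {}
        sb = b[i] if i < len(b) else {}
        for field in sorted(set(sa) | set(sb)):
            if i == 0 and field in ignore:
                continue
            if sa.get(field) != sb.get(field):
                diffs.append((i, field))
    return diffs

# Constructed sample input, not taken from the merge proposal linked above.
BRANCH = "Source: demo-pkg\nMaintainer: Demo Team <team@example.org>\nBuild-Depends: debhelper (>= 8)\n\nPackage: demo-pkg\nArchitecture: all\n"
UPLOADED = BRANCH.replace("Build-Depends:", "Uploaders: A Person <a@example.org>,\n B Person <b@example.org>\nBuild-Depends:")
TAMPERED = UPLOADED.replace("debhelper (>= 8)", "debhelper (>= 8), extra-tool")

if __name__ == "__main__":
    print(control_differences(UPLOADED, BRANCH))  # only Uploaders differs: no collision
    print(control_differences(TAMPERED, BRANCH))  # a real change is still reported
```

This covers only debian/control; any other file regenerated during the source build would still show up as a tree difference.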

Robert Collins (lifeless) wrote : Re: [Bug 779420] [NEW] Spurious collision(?) when GNOME packages generate uploaders line

Perhaps we should generate source packages and compare those rather
than comparing the imported trees?

James Westby (james-w) wrote :

On Sun, 08 May 2011 12:31:23 -0000, Robert Collins <email address hidden> wrote:
> Perhaps we should generate source packages and compare those rather
> than comparing the imported trees?

Yes, however we don't do that as it would give arbitrary code execution
to uploaders on a machine that isn't prepared for it.

Thanks,

James

Robert Collins (lifeless) wrote :

On Mon, May 9, 2011 at 3:15 AM, James Westby <email address hidden> wrote:
> On Sun, 08 May 2011 12:31:23 -0000, Robert Collins <email address hidden> wrote:
>> Perhaps we should generate source packages and compare those rather
>> than comparing the imported trees?
>
> Yes, however we don't do that as it would give arbitrary code execution
> to uploaders on a machine that isn't prepared for it.

We could address that. E.g. upload to the first stage of ppa building,
retrieve the result, compare.
