Secure testing team - Feb 2011 - squeeze webkit security update

Hi,

I''ve prepared a package for the new stable upstream webkit 1.2 branch
 [0]. That branch now only contains security fixes.  Would it be OK to
push this new upstream version as a DSA for squeeze?

Best wishes,
Mike

[0] http://mentors.debian.net/debian/pool/main/w/webkit/

Hi Mike,

On Monday 21 February 2011 18:23:52 Michael Gilbert
wrote:
> I''ve prepared a package for the new stable upstream webkit 1.2
branch
>  [0]. That branch now only contains security fixes.  Would it be OK to
> push this new upstream version as a DSA for squeeze?
Thanks. I think conceptually this is a good idea, I do have some practical 
issues with the current package:

- The version number 1.2.7-1 won''t work for stable since this is higher
than
testing/unstable. In the past this would be propagated automatically to the 
latter ones but I think that hasn''t worked for many years now. The best
way
forward depends a bit on the plan for sid:
* If you want upload 1.2.7-1 there,you can upload 1.2.6-2+1.2.7-1 (or 
something like 1.2.7-0+squeeze1 when wheezy has 1.2.7-1) to squeeze.
* If you want to upload 1.3 there, we can accept 1.2.7-1 in squeeze as soon as 
1.3 is in testing.

- The changelog doesn''t seem to mention any CVE id''s.

- You add yourself as maintainer and DM-uploader even though you don''t
have
that position in unstable. Is this agreed upon with the current maintenance 
team?


Cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110221/71566258/attachment.pgp>

On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst
wrote:
> Hi Mike,
> 
> On Monday 21 February 2011 18:23:52 Michael Gilbert wrote:
> > I''ve prepared a package for the new stable upstream webkit
1.2 branch
> >  [0]. That branch now only contains security fixes.  Would it be OK to
> > push this new upstream version as a DSA for squeeze?
> 
> Thanks. I think conceptually this is a good idea, I do have some practical 
> issues with the current package:
> 
> - The version number 1.2.7-1 won''t work for stable since this is
higher than
> testing/unstable. In the past this would be propagated automatically to the
> latter ones but I think that hasn''t worked for many years now. 
Is there any way to restore this functionality?  This would be the
ideal solution.
> The best way 
> forward depends a bit on the plan for sid:
> * If you want upload 1.2.7-1 there,you can upload 1.2.6-2+1.2.7-1 (or 
> something like 1.2.7-0+squeeze1 when wheezy has 1.2.7-1) to squeeze.
> * If you want to upload 1.3 there, we can accept 1.2.7-1 in squeeze as soon
as
> 1.3 is in testing.
We''re planing to only upload security updates to sid/wheezy for a while
now (until the next stable upstream webkit release).  It would be
preferable if we can make one upload to all three (squeeze, wheezy,
sid) at the same time.
> - The changelog doesn''t seem to mention any CVE id''s.
Oops, I do need to fix that.
> - You add yourself as maintainer and DM-uploader even though you
don''t have
> that position in unstable. Is this agreed upon with the current maintenance
> team?
Yes, I''ve been working with Gustavo to prepare this update, and I
think he agrees with DM-uploader status for me (I''ve CC''d the
webkit
maintainers for a response).

Best wishes,
Mike

On Mon, Feb 21, 2011 at 01:20:40PM -0500, Michael Gilbert
wrote:
> On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> > Hi Mike,
> > 
> > On Monday 21 February 2011 18:23:52 Michael Gilbert wrote:
> > > I''ve prepared a package for the new stable upstream
webkit 1.2 branch
> > >  [0]. That branch now only contains security fixes.  Would it be
OK to
> > > push this new upstream version as a DSA for squeeze?
> > 
> > Thanks. I think conceptually this is a good idea, I do have some
practical
> > issues with the current package:
> > 
> > - The version number 1.2.7-1 won''t work for stable since this
is higher than
> > testing/unstable. In the past this would be propagated automatically
to the
> > latter ones but I think that hasn''t worked for many years
now.
> 
> Is there any way to restore this functionality?  This would be the
> ideal solution.
Realistically, no.
 
Cheers,
        Moritz

On Mon, 21 Feb 2011 19:36:48 +0100, Moritz M?hlenhoff
wrote:
> On Mon, Feb 21, 2011 at 01:20:40PM -0500, Michael Gilbert wrote:
> > On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> > > Hi Mike,
> > > 
> > > On Monday 21 February 2011 18:23:52 Michael Gilbert wrote:
> > > > I''ve prepared a package for the new stable upstream
webkit 1.2 branch
> > > >  [0]. That branch now only contains security fixes.  Would
it be OK to
> > > > push this new upstream version as a DSA for squeeze?
> > > 
> > > Thanks. I think conceptually this is a good idea, I do have some
practical
> > > issues with the current package:
> > > 
> > > - The version number 1.2.7-1 won''t work for stable since
this is higher than
> > > testing/unstable. In the past this would be propagated
automatically to the
> > > latter ones but I think that hasn''t worked for many
years now.
> > 
> > Is there any way to restore this functionality?  This would be the
> > ideal solution.
> 
> Realistically, no.
What are the problems?  Are there some past threads that I could review
to better understand the issues at hand, and possibly postulate some
potential solutions?

It makes life so much simpler if we can prepare one package for all
releases.  I''d rather spend a lot of time upfront to solve the hard
infrastructure problem rather than have to deal with a bunch of
redundant work for every update.

Best wishes,
Mike

On Monday 21 February 2011 12:20:40 Michael Gilbert
wrote:
> On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> > - You add yourself as maintainer and DM-uploader even though you
don''t
> > have that position in unstable. Is this agreed upon with the current
> > maintenance team?
> 
> Yes, I''ve been working with Gustavo to prepare this update, and I
> think he agrees with DM-uploader status for me (I''ve CC''d
the webkit
> maintainers for a response).
Adding the flag to an old/stable upload won''t activate your DMship for
the
package. You need it on an upload to unstable (or experimental IIRC).

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

On Mon, Feb 21, 2011 at 01:44:14PM -0500, Michael Gilbert
wrote:
> On Mon, 21 Feb 2011 19:36:48 +0100, Moritz M?hlenhoff wrote:
> > On Mon, Feb 21, 2011 at 01:20:40PM -0500, Michael Gilbert wrote:
> > > On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> > > > Hi Mike,
> > > > 
> > > > On Monday 21 February 2011 18:23:52 Michael Gilbert wrote:
> > > > > I''ve prepared a package for the new stable
upstream webkit 1.2 branch
> > > > >  [0]. That branch now only contains security fixes. 
Would it be OK to
> > > > > push this new upstream version as a DSA for squeeze?
> > > > 
> > > > Thanks. I think conceptually this is a good idea, I do have
some practical
> > > > issues with the current package:
> > > > 
> > > > - The version number 1.2.7-1 won''t work for stable
since this is higher than
> > > > testing/unstable. In the past this would be propagated
automatically to the
> > > > latter ones but I think that hasn''t worked for many
years now.
> > > 
> > > Is there any way to restore this functionality?  This would be
the
> > > ideal solution.
> > 
> > Realistically, no.
> 
> What are the problems?  Are there some past threads that I could review
> to better understand the issues at hand, and possibly postulate some
> potential solutions?
The dak installation on security-master is different from ftp-master.
It''s planned to be merged in the mid term, but until then no
non-necessary
changes will be made.

Cheers,
        Moritz

On Mon, Feb 21, 2011 at 12:44:24PM -0600, Raphael Geissert
wrote:
> On Monday 21 February 2011 12:20:40 Michael Gilbert wrote:
> > On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> > > - You add yourself as maintainer and DM-uploader even though you
don''t
> > > have that position in unstable. Is this agreed upon with the
current
> > > maintenance team?
> > 
> > Yes, I''ve been working with Gustavo to prepare this update,
and I
> > think he agrees with DM-uploader status for me (I''ve
CC''d the webkit
> > maintainers for a response).
> 
> Adding the flag to an old/stable upload won''t activate your DMship
for the
> package. You need it on an upload to unstable (or experimental IIRC).
security-master didn''t allow DM uploads before Joerg upgraded the
installation for the Squeeze release.

J?rg, is this possible after the update?

Cheers,
        Moritz

On Mon, 21 Feb 2011 12:44:24 -0600, Raphael Geissert
wrote:
> On Monday 21 February 2011 12:20:40 Michael Gilbert wrote:
> > On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> > > - You add yourself as maintainer and DM-uploader even though you
don''t
> > > have that position in unstable. Is this agreed upon with the
current
> > > maintenance team?
> > 
> > Yes, I''ve been working with Gustavo to prepare this update,
and I
> > think he agrees with DM-uploader status for me (I''ve
CC''d the webkit
> > maintainers for a response).
> 
> Adding the flag to an old/stable upload won''t activate your DMship
for the
> package. You need it on an upload to unstable (or experimental IIRC).
Right, those changes are meant for the unstable upload.  I didn''t want
to prepare a stable package with just those changes dropped until I
got a review and figured out what really needs to be done here.

Mike

On Mon, 21 Feb 2011 19:56:01 +0100, Moritz M?hlenhoff
wrote:
> On Mon, Feb 21, 2011 at 01:44:14PM -0500, Michael Gilbert wrote:
> > On Mon, 21 Feb 2011 19:36:48 +0100, Moritz M?hlenhoff wrote:
> > > On Mon, Feb 21, 2011 at 01:20:40PM -0500, Michael Gilbert wrote:
> > > > On Mon, 21 Feb 2011 18:42:31 +0100, Thijs Kinkhorst wrote:
> > > > > Hi Mike,
> > > > > 
> > > > > On Monday 21 February 2011 18:23:52 Michael Gilbert
wrote:
> > > > > > I''ve prepared a package for the new
stable upstream webkit 1.2 branch
> > > > > >  [0]. That branch now only contains security
fixes.  Would it be OK to
> > > > > > push this new upstream version as a DSA for
squeeze?
> > > > > 
> > > > > Thanks. I think conceptually this is a good idea, I do
have some practical
> > > > > issues with the current package:
> > > > > 
> > > > > - The version number 1.2.7-1 won''t work for
stable since this is higher than
> > > > > testing/unstable. In the past this would be propagated
automatically to the
> > > > > latter ones but I think that hasn''t worked for
many years now.
> > > > 
> > > > Is there any way to restore this functionality?  This would
be the
> > > > ideal solution.
> > > 
> > > Realistically, no.
> > 
> > What are the problems?  Are there some past threads that I could
review
> > to better understand the issues at hand, and possibly postulate some
> > potential solutions?
> 
> The dak installation on security-master is different from ftp-master.
> It''s planned to be merged in the mid term, but until then no
non-necessary
> changes will be made.
Would it be possible to ask the ftp-masters to manually copy
squeeze-security uploads to the other releases on a case-by-case basis
in the meantime?

Best wishes,
Mike

On Monday 21 February 2011 20:02:22 Michael Gilbert
wrote:
> > > What are the problems?  Are there some past threads that I could
review
> > > to better understand the issues at hand, and possibly postulate
some
> > > potential solutions?
> >
> > 
> >
> > The dak installation on security-master is different from ftp-master.
> > It''s planned to be merged in the mid term, but until then no
> > non-necessary changes will be made.
> 
> Would it be possible to ask the ftp-masters to manually copy
> squeeze-security uploads to the other releases on a case-by-case basis
> in the meantime?
Asking is free. However, let''s realize that this is only a convenience 
function that would benefit a small set of packages.

After all, the default situation for packages is already that Debian is 
preparing at least two uploads: one for stable and one for unstable. Given the 
lack of the propagation feature, webkit is just in this same boat: it needs 
two uploads. So it''s not quite the end of the world since we accept
this
situation for nearly every other package.


Cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110221/185afb60/attachment.pgp>

On 02/21/2011 07:44 PM, Michael Gilbert wrote:
> It makes life so much simpler if we can prepare one package for all
> releases.  I''d rather spend a lot of time upfront to solve the
hard
> infrastructure problem rather than have to deal with a bunch of
> redundant work for every update.

You can''t expect that the same binary is suitable for stable and sid,
at
least not forever.

BTW You need to change only a line in debian/changelog, it doesn''t seem
to me an hard work :)

Cheers,
Giuseppe.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110221/bc607e72/attachment.pgp>

On Mon, 2011-02-21 at 13:20 -0500, Michael Gilbert
wrote:
> > The best way 
> > forward depends a bit on the plan for sid:
> > * If you want upload 1.2.7-1 there,you can upload 1.2.6-2+1.2.7-1 (or 
> > something like 1.2.7-0+squeeze1 when wheezy has 1.2.7-1) to squeeze.
Guess we''ll have to stick with 1.2.6+1.2.7-1 for the time being, then.
> > - You add yourself as maintainer and DM-uploader even though you
don''t have
> > that position in unstable. Is this agreed upon with the current
maintenance
> > team?
> 
> Yes, I''ve been working with Gustavo to prepare this update, and I
> think he agrees with DM-uploader status for me (I''ve CC''d
the webkit
> maintainers for a response).
Yes, DM-uploader has been agreed upon =)

Cheers,

-- 
Gustavo Noronha Silva <kov at debian.org>
Debian Project

On 02/21/2011 09:06 PM, Gustavo Noronha Silva wrote:
>>> * If you want upload 1.2.7-1 there,you can upload 1.2.6-2+1.2.7-1
(or
>>> > > something like 1.2.7-0+squeeze1 when wheezy has 1.2.7-1)
to squeeze.
> Guess we''ll have to stick with 1.2.6+1.2.7-1 for the time being,
then.
> 
IMHO in this case there is no advantage to use 1.2.6+1.2.7-1 instead of
1.2.7-0+squeeze1


Cheers,
Giuseppe.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110221/18de405d/attachment.pgp>

On Mon, 2011-02-21 at 20:58 +0100, Giuseppe Iuculano
wrote:
> You can''t expect that the same binary is suitable for stable and
sid, at
> least not forever.
> 
> BTW You need to change only a line in debian/changelog, it doesn''t
seem
> to me an hard work :)
In WebKitGTK+''s case the hard work is waiting for the build to finish -
it takes quite a while =). In any case we''ll have to deal with it
anyway
when unstable has diverged enough like you point out, so might as well
start now.

Cheers,

-- 
Gustavo Noronha Silva <kov at debian.org>
Debian Project

>> > > - You add yourself as maintainer and DM-uploader even though
you don''t
>> > > have that position in unstable. Is this agreed upon with the
current
>> > > maintenance team?
>> > Yes, I''ve been working with Gustavo to prepare this
update, and I
>> > think he agrees with DM-uploader status for me (I''ve
CC''d the webkit
>> > maintainers for a response).
 
>> Adding the flag to an old/stable upload won''t activate your
DMship for the
>> package. You need it on an upload to unstable (or experimental IIRC).
> security-master didn''t allow DM uploads before Joerg upgraded the
> installation for the Squeeze release.
> J?rg, is this possible after the update?
Not right now. We can maybe make this possible, yes, but havent
yet. Lets see if i get to it before the ftpmaster meeting, but if not i
put it on agenda for there.

Oh, and DM is an archive based flag, checked against a prior upload to
*unstable* or *experimental*:

Quote from the (way to detailed to be any good) GR:
--8<------------------------schnipp------------------------->8---
- the most recent version of the package uploaded to unstable or experimental
includes the field DM-Upload-Allowed: yes in the source section of its control
file
- the most recent version of the package uploaded to unstable or experimental
lists the uploader in the Maintainer: or Uploaders: fields (ie, non-developer
maintainers cannot NMU or hijack packages)
--8<------------------------schnapp------------------------->8---

Thats double trouble for security: You have no unstable/experimental,
nor will it be of much use when the package does need to have an upload
with DMUA already there... And the stupid way the GR was written is
plenty specific, so if we read that in detail, there wont ever be a DM
upload to anything than the main archive.

(*sigh*)

Besides the gr stupidity, the technical implementation (*cough*) also
isnt the most optimal, so we DO have the check the code what we can do
for you.

-- 
bye, Joerg
Kids, you tried your best and you failed miserably. The lesson is, never try.

On lun., 2011-02-21 at 17:15 -0300, Gustavo Noronha Silva
wrote:
> > BTW You need to change only a line in debian/changelog, it
doesn''t seem
> > to me an hard work :)
> 
> In WebKitGTK+''s case the hard work is waiting for the build to
finish -
> it takes quite a while =). In any case we''ll have to deal with it
anyway
> when unstable has diverged enough like you point out, so might as well
> start now. 
Couldn''t ccache speed up the second build?

Regards,
-- 
Yves-Alexis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110221/83e71e3a/attachment.pgp>

On Mon, 21 Feb 2011 21:14:21 +0100 Giuseppe Iuculano wrote:
> On 02/21/2011 09:06 PM, Gustavo Noronha Silva wrote:
> >>> * If you want upload 1.2.7-1 there,you can upload
1.2.6-2+1.2.7-1 (or
> >>> > > something like 1.2.7-0+squeeze1 when wheezy has
1.2.7-1) to squeeze.
> > Guess we''ll have to stick with 1.2.6+1.2.7-1 for the time
being, then.
> > 
> 
> IMHO in this case there is no advantage to use 1.2.6+1.2.7-1 instead of
> 1.2.7-0+squeeze1
I''ve just uploaded 1.2.7-0+squeeze1 to mentors (built in squeeze chroot
and with updated changelog). Please review:
http://mentors.debian.net/debian/pool/main/w/webkit/

Thanks,
Mike

On Wed, 23 Feb 2011 17:33:26 -0500 Michael Gilbert wrote:
> On Mon, 21 Feb 2011 21:14:21 +0100 Giuseppe Iuculano wrote:
> 
> > On 02/21/2011 09:06 PM, Gustavo Noronha Silva wrote:
> > >>> * If you want upload 1.2.7-1 there,you can upload
1.2.6-2+1.2.7-1 (or
> > >>> > > something like 1.2.7-0+squeeze1 when wheezy has
1.2.7-1) to squeeze.
> > > Guess we''ll have to stick with 1.2.6+1.2.7-1 for the
time being, then.
> > > 
> > 
> > IMHO in this case there is no advantage to use 1.2.6+1.2.7-1 instead
of
> > 1.2.7-0+squeeze1
> 
> I''ve just uploaded 1.2.7-0+squeeze1 to mentors (built in squeeze
chroot
> and with updated changelog). Please review:
> http://mentors.debian.net/debian/pool/main/w/webkit/
It''s been a couple days now since I uploaded this, and
fedora''s advisory
was released a week ago now [0].  Is there someone assigned as the
preparer for this DSA that I should be talking directly to?

I don''t really like repeating myself, but I find the DSA process
extremely opaque.  I wish it were possible to have a productive
conversation on improving it.

Best wishes,
Mike

[0] http://lwn.net/Alerts/428825/

On 02/25/2011 08:48 PM, Michael Gilbert wrote:
> It''s been a couple days now since I uploaded this, and
fedora''s advisory
> was released a week ago now [0].  Is there someone assigned as the
> preparer for this DSA that I should be talking directly to?
I''m very busy in these days, but if no one can take care of this I will
in the next week.

Cheers,
Giuseppe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110225/93b3f46b/attachment.pgp>

On Fri, 04 Mar 2011 09:27:29 +0100 Giuseppe Iuculano wrote:
> Hi Michael,
> 
> On 02/23/2011 11:33 PM, Michael Gilbert wrote:
> > I''ve just uploaded 1.2.7-0+squeeze1 to mentors (built in
squeeze chroot
> > and with updated changelog). Please review:
> > http://mentors.debian.net/debian/pool/main/w/webkit/
> 
> I tried to build your package, but it FTBFS on amd64:
> 
> 
> /bin/mkdir -p ./.deps/DerivedSources
>   CXXLD  libJavaScriptCore.la
>   CXXLD  TestNetscapePlugin/libtestnetscapeplugin.la
>   CXXLD  Programs/jsc
>   CCLD   Programs/minidom
>   CXXLD  libwebkit-1.0.la
>   CCLD   Programs/GtkLauncher
>   CXXLD  Programs/DumpRenderTree
>   CCLD   Programs/unittests/testhttpbackend
>   CCLD   Programs/unittests/testloading
>   CCLD   Programs/unittests/testglobals
>   CCLD   Programs/unittests/testmimehandling
>   CCLD   Programs/unittests/testnetworkrequest
>   CCLD   Programs/unittests/testnetworkresponse
>   CCLD   Programs/unittests/testwebframe
>   CCLD   Programs/unittests/testwebbackforwardlist
>   CCLD   Programs/unittests/testwebhistoryitem
>   CCLD   Programs/unittests/testwindow
>   CCLD   Programs/unittests/testdownload
>   CCLD   Programs/unittests/testatk
>   CCLD   Programs/unittests/testhittestresult
>   CCLD   Programs/unittests/testwebsettings
>   CCLD   Programs/unittests/testwebresource
>   CCLD   Programs/unittests/testwebdatasource
>   CCLD   Programs/unittests/testwebview
>   CCLD   Programs/unittests/testkeyevents
>   GEN    WebKit-1.0.gir
>   GEN    WebKit-1.0.typelib
> make[2]: Leaving directory `/tmp/buildd/webkit-1.2.7/build''
> make[1]: Leaving directory `/tmp/buildd/webkit-1.2.7/build''
> # Awesome hack to get the docs built! For some reason, the
> # first call to make docs fails mid-work, but the second
> # succeeds.
> ln -fs ../../../build/WebKit/gtk/docs/version.xml WebKit/gtk/docs
> cd build/WebKit/gtk/docs && make docs
> make[1]: Entering directory
`/tmp/buildd/webkit-1.2.7/build/WebKit/gtk/docs''
> make[1]: *** read jobs pipe: Is a directory.  Stop.
> make[1]: *** Waiting for unfinished jobs....
> gtk-doc: Scanning header files
> make[1]: Leaving directory
`/tmp/buildd/webkit-1.2.7/build/WebKit/gtk/docs''
> make: *** [build-stamp] Error 2
> dpkg-buildpackage: error: debian/rules build gave error exit status 2
> E: Failed autobuilding of package
Hi Giuseppe,

I''ve built this in a squeeze chroot and a dedicated squeeze machine,
and all seems to go fine.  A couple things could be going wrong.  One
is that webkit needs about 3 GiB to build, so you may have run out of
disk space.  The second is that webkit doesn''t build twice right now.
There are some files that get left behind in the docs directory.  I
usually just wipe and start from scratch if I need to rebuild.

Let me know if I can be of any more help,
Mike

On 03/04/2011 04:38 PM, Michael Gilbert wrote:
> I''ve built this in a squeeze chroot and a dedicated squeeze
machine,
> and all seems to go fine.  A couple things could be going wrong.  One
> is that webkit needs about 3 GiB to build, so you may have run out of
> disk space.  The second is that webkit doesn''t build twice right
now.
> There are some files that get left behind in the docs directory.  I
> usually just wipe and start from scratch if I need to rebuild.
> 
> Let me know if I can be of any more help,

The problem was the parallel build, I disabled it in my build system and
it works.

Cheers,
Giuseppe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110304/c33ebfe0/attachment.pgp>

On 03/04/2011 04:44 PM, Giuseppe Iuculano wrote:
> The problem was the parallel build, I disabled it in my build system and
> it works.
BTW It is not clear to me what we should do with the webkit version in
lenny.
Do we need an End-of-life announcement for it?

Cheers,
Giuseppe.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20110304/1f0b4632/attachment.pgp>

On Fri, Mar 4, 2011 at 10:53 AM, Giuseppe Iuculano
wrote:
> On 03/04/2011 04:44 PM, Giuseppe Iuculano wrote:
>> The problem was the parallel build, I disabled it in my build system
and
>> it works.
>
> BTW It is not clear to me what we should do with the webkit version in
> lenny.
> Do we need an End-of-life announcement for it?
In my opinion yes.  I think that should have been done a long time ago.

Mike