chore: Bump version to 6.0.15

[wangrong1069]

As title.

Log: Bump version to 6.0.15

Summary by Sourcery

Chores:

• Update Debian changelog to reflect version 6.0.15.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Bumps the Debian package changelog to version 6.0.15 for a new release.

File-Level Changes

Change	Details	Files
Update Debian changelog entry to reflect new 6.0.15 release version.	Add or modify the top changelog stanza to set the version to 6.0.15. Adjust associated metadata in the changelog entry (e.g., date/maintainer line) if provided by the bump script. Ensure the changelog maintains correct Debian formatting and ordering with 6.0.15 as the latest entry.	debian/changelog

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[github-actions]

TAG Bot

TAG: 6.0.15
EXISTED: no
DISTRIBUTION: unstable

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[deepin-ci-robot]

deepin pr auto review

这段 user provided a git diff of a Debian changelog file.
I need to review this specific change.

Analysis of the Diff:

• Action: Reverting a previous change regarding dependencies (7zip).
• Action: Refactoring Polkit authorization.
• Metadata: Version bump to 6.0.15, urgency medium, maintainer info.

Review Points:

1. Syntax: The changelog format follows Debian standards perfectly.
2. Logic: Reverting a dependency change usually implies the new package caused issues (e.g., missing binaries, API changes). This is a logical fix if the migration was premature or broken.
3. Security: The Polkit change "using SystemBusNameSubject" is significant. It suggests a move towards verifying the caller of the action (the process) rather than just the user. This is generally more secure and robust for desktop applications (like Deepin Boot Maker) that might have helper processes.
4. Quality: Clear commit messages.

Drafting the Response:
I will structure the response as requested: Syntax, Logic, Quality, Performance, Security.

• Syntax: Correct.
• Logic: Revert is valid. Refactor implies improving the auth flow.
• Quality: Good.
• Performance: N/A for changelog, but Polkit checks are fast.
• Security: Highlight the Polkit improvement as a security enhancement.

I will formulate the Chinese response now.

Content:

• 语法逻辑: 格式正确。
• 代码质量: 提交信息规范。
• 代码性能: 无直接影响。
• 代码安全: Polkit 改进是安全相关的。

Refining the "Polkit" point:
SystemBusNameSubject is used in Polkit rules to authorize a specific bus name (process). This prevents other processes running as the same user from hijacking the privilege. It's a positive security step.

Final Polish:
Ensure the tone is helpful and professional.

(Self-Correction): I should mention that while the changelog looks fine, the actual code implementing the Polkit change needs to be checked to ensure the bus name is correctly obtained and validated. I will add this as a suggestion.

Final Output Structure:

1. 总体评价
2. 详细审查
   • 语法逻辑
   • 代码质量
   • 代码性能
   • 代码安全
3. 改进建议

Let's write it.

这段 git diff 展示了 deepin-boot-maker 项目的 Debian 变更日志（debian/changelog）的更新。这是一个版本发布记录的变更，而非具体的源代码逻辑变更。以下是对该变更的详细审查意见：

1. 总体评价

该变更日志符合 Debian 打包规范，格式清晰，信息准确。本次更新主要包含两个核心动作：回滚依赖项变更和重构 Polkit 授权机制。这两项变更对于软件的稳定性和安全性都有积极影响。

2. 详细审查

语法逻辑

• 格式规范：变更日志严格遵循了 Debian changelog 格式标准（package (version) distribution; urgency），条目缩进正确，维护者信息和日期格式符合要求。
• 逻辑连贯性：
  • Revert "deps: migrate from p7zip-full to 7zip package"：明确指出了回滚操作。这通常意味着之前的迁移（6.0.14）引入了兼容性问题、构建错误或运行时错误，回滚是合乎逻辑的修复手段。
  • refactor: improve Polkit authorization using SystemBusNameSubject：表明对权限授权逻辑进行了重构。

代码质量

• 提交信息清晰：使用了 Revert 和 refactor 等标准前缀，使得变更意图一目了然。
• 版本管理：版本号从 6.0.14 升级至 6.0.15，符合语义化版本控制或 Debian 版本控制习惯。
• 维护者信息：包含了提交者姓名和邮箱，以及精确的时间戳，便于追溯。

代码性能

• 依赖项回滚：p7zip-full 和 7zip 在性能上的差异通常取决于具体实现和编译优化。回滚到 p7zip-full 可能是为了恢复之前稳定的压缩/解压性能表现，或者解决新包带来的性能回退问题。
• Polkit 授权：使用 SystemBusNameSubject 进行授权检查，其性能开销极小（主要是系统总线上的消息传递和名称匹配），不会对应用程序启动或运行造成明显的性能负担。

代码安全

• Polkit 授权改进（重点）：
  • 变更中提到 "improve Polkit authorization using SystemBusNameSubject" 是一个积极的安全增强。
  • 解释：在 Polkit 策略中，SystemBusNameSubject 允许系统验证请求权限的进程是否确实拥有特定的 D-Bus 总线名称。这比仅仅验证用户 ID（User ID）更严格，因为它可以防止同一用户下的其他恶意进程冒充 deepin-boot-maker 来提权执行敏感操作（如写入磁盘）。这有效地防止了会话内的权限劫持攻击。

3. 改进建议

虽然变更日志本身写得很好，但为了确保上述变更（尤其是 Polkit 部分）真正落地有效，建议对相关的实际代码进行以下检查：

1. Polkit 策略文件审查：

   • 检查对应的 .policy 文件（通常在 /usr/share/polkit-1/actions/ 下），确认 <allow_active> 或相关规则中是否正确配置了 SystemBusNameSubject。
   • 确保应用在获取 D-Bus 名称时是唯一的，并且在请求权限前已经成功注册了该名称。

2. 依赖项回滚的验证：

   • 确认 debian/control 文件中确实将 7zip 依赖改回了 p7zip-full（或相关兼容包）。
   • 如果是因为 7zip 包在特定发行版中不可用或存在 Bug，建议在代码注释或提交信息中补充具体的 Bug 报告链接或错误原因，以便未来查阅。

3. 时间戳检查：

   • diff 中的日期显示为 2026 年（Fri, 24 Apr 2026）。如果这是测试数据，请忽略；如果是实际提交，请确认系统时间设置是否正确，这可能会影响包构建的时效性判断。

总结：这是一个高质量的变更日志，记录了关键的依赖修复和安全加固。建议重点关注 Polkit 代码实现是否与日志描述一致，以确保安全加固生效。

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lzwind, wangrong1069

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-bot]

TAG Bot

✅ Tag created successfully

📋 Tag Details

• Tag Name: 6.0.15
• Tag SHA: 28d8ef5470a4a4c7dfae6a2f4ced07e1a3f0b224
• Commit SHA: 5081daeb42e470d47520bd0fee14a52043e2ec9a
• Tag Message:

  Release deepin-boot-maker 6.0.15
  
  

• Tagger:
  • Name: wangrong1069
• Distribution: unstable