Hi Daniel Thanks for you followup! Even better if you (or someone else of pkg-monitoring team) can do the security upload:
On Sat, Jan 19, 2013 at 11:22:47AM +0100, Daniel Pocock wrote: > Just following up on this > > - - I've added pkg-monitoring-maintain...@lists.alioth.debian.org to the > CC, as there are more people now involved with Ganglia packaging > > - - if it is acceptable for the upload, I've also put the current > Maintainer and VCS details in debian/control on the squeeze branch IMHO yes (but cannot speak for the security team; but the VCS seem still on old location so far?) Can you furthermore please include the CVE identifier in the changelog? (CVE-2012-3448) > diff --git a/debian/changelog b/debian/changelog > index a655fa6..0a0cb20 100644 > - --- a/debian/changelog > +++ b/debian/changelog > @@ -1,3 +1,9 @@ > +ganglia (3.1.8-2) UNRELEASED; urgency=low > + > + * Package now under pkg-monitoring maintainership, update control > + > + -- Daniel Pocock <dan...@pocock.com.au> > + > ganglia (3.1.8-1) unstable; urgency=low > > * Fix for path injection security bug (Closes: #683584) Note that in general only the fixes for the security upload should be included. I know: you mentioned that 3.1.8 includes only the fixes for #683584. But looking at the diff between the two tar.gz: $ diff -urN ganglia-3.1.7 ganglia-3.1.8 | diffstat [...] 110 files changed, 49330 insertions(+), 73094 deletions(-) (part of it seems autogenerated stuff). The git repo on other side seem to be based upon 3.1.7-2 (uploaded once to unstable) and then 3.1.8 (according at least looking at the changelog[1]). [1]: http://anonscm.debian.org/gitweb/?p=collab-maint/ganglia.git;a=blob;f=debian/changelog;hb=refs/heads/squeeze I'm sorry if I miss something here. Regards, Salvatore
signature.asc
Description: Digital signature