On Fri, Mar 15, 2013 at 05:50:08PM +0100, Yves-Alexis Perez wrote: > On jeu., 2013-03-14 at 22:48 -0400, Michael Gilbert wrote: > > Hi, > > > > I've prepared new nss packages fixing the "lucky 13" issue: > > http://people.debian.org/~mgilbert > > > > For the mozilla team, this is a new upstream, so would you be ok with > > it uploaded as an nmu, or would you like to upload? > > > > For the security team, these fixes are so large that I think a > > backport is likely impossible. Should (can) we attempt to convince > > the release team to jump from 3.13.6 to 3.14.3 in testing, or is that > > crazy at this point in the freeze? If not, then what? > > > Manually adding Mike in the loop because of the broken BTS.
I was considering we should get 3.14.x in both testing and stable-security, actually, but it needs some work to make it on par with the versions in testing and stable, because in its current state it breaks some things people might expect not to be broken with a stable update (most notoriously, md5 signature of certificates are rejected, and there are a few other things like that) Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
