Package: sponsorship-requests Severity: normal X-Debbugs-Cc: gs-bugs.debian....@gluelogic.com
Dear mentors, I am looking for a DD sponsor for my package "lighttpd": https://salsa.debian.org/debian/lighttpd/ I am an upstream lighttpd developer and have participated in maintaining lighttpd on Debian for a number of years. I am listed as an uploader on https://tracker.debian.org/pkg/lighttpd lighttpd-1.4.73-1 passes autopkgtests and expected CI tests, and is tagged. (This is a non-DD maintainer upload.) * Package name : lighttpd Version : 1.4.73-1 Upstream contact : team+light...@tracker.debian.org * URL : https://lighttpd.net/ * License : BSD-3-Clause * Vcs : https://git.lighttpd.net/lighttpd/lighttpd1.4 Important changes in lighttpd 1.4.73: * HTTP/2 detect and log rapid reset attack While lighttpd is not affected by HTTP/2 rapid reset attacks any more than by other DoS attacks, changes have been made to lighttpd to detect and log when a rapid reset attack occurs, and to close the HTTP/2 connection. Log watchers might subsequently use the trace to block IPs. The goal is to make lightpd 1.4.73 available in unstable, testing, and then backports (or sloppy-backports) to maintained Debian versions. Please advise next steps. Thank you. Glenn P.S. The version of lighttpd in Debian Experimental is 1.4.71-1+exp1 and can be retired.
