On Sat, May 7, 2011 at 5:46 AM, Vincent Cheng <vincentc1...@gmail.com> wrote: > Hi, > > The patch provided for the security issue in bug #451303 was removed > in Exaile 0.3.2.0-0.1, with the following message in debian/changelog: > > * debian/patches > - Remove directory. No longer needed for current release. > > As such, is this patch still needed (in Exaile 0.3)?
Hi Vincent, This patch is not needed with the 0.3 series. Exaile no longer offers the option to download plugins (or as the bug puts it, "downloads and execute remote code"). I'm glad to see that Exaile is receiving some love in Debian! I saw that the package was orphaned finally, and was interested in adopting it. It looks like you got around to it before me. I haven't gotten a chance to look closely at what you've done, but will do so soon. I'd love to be able to minimalism the diff between the Debian and Ubuntu/upstream packaging. If you're interested in a co-maintainer, I'd be willing to help out. I imagine the biggest difference now is that we've split out some of the plugins into separate packages. Are you keeping the packaging in a VCS? If so where? Thanks, - Andrew Starr-Bochicchio -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org