I took a look at sponsoring this, but since I am interested in getting security fixes into sarge, I did it with my release assistant hat on to see if the changes in this new upstream release (and in unreleased version 1.5.0-2) are acceptable for sarge.
I'm afraid they are probably not, there are over 8000 lines of changes in here, large changes to the Debian part of the setup, and the only reason to let it into sarge is for a security hole for which we have no details. I have still sponsored the package for you, but I'm afraid the only way to get the security fix into sarge will be to get details about it and either convince a member of the release team that it's worth the work and risk to approve this massive diff, or better, backport the security fix alone and upload it via t-p-u. -- see shy jo
signature.asc
Description: Digital signature