Hi!

* Jeremy T. Bouse <jbo...@debian.org> [2010-02-01 16:12:06 CET]:
> Gerfried Fuchs wrote:
> > * Jeremy T. Bouse <jbo...@debian.org> [2009-11-27 19:30:47 CET]:
> >>    I am currently working on getting 1.4.4 ready to go and remove David
> >> Gil from the package per (#551636)
> > 
> >  Actually, I'm not sure, does this address Moritz' concerns, from a
> > security team's point of view, especially with respect to stable? I
> > don't see any update that would have fixed the security issues for
> > lenny, what is your plan for that?
> 
>       1.4.4 reportedly fixes all current outstanding CVS reports. Short of
> going and simply upgrading the old versions trying to go through the
> code and find the specific fixes to these issues, as I've found no patch
> files specific to the problem, would take much more time than I have
> available when a fixed upstream version is already available in the
> repository. 1.4.4-1 hit the unstable repository in late November and I
> had a few fixes until 1.4.4-3 was migrated to testing just before Christmas.

 You are aware that maintaining a package doesn't mean only taking care
of it in unstable but also to at least try to give the security team a
helping hand for trying to get things straight in a stable release? I
wonder, how severe are the issues actually? Is it better to pull the
package from the stable release (like Moritz suggested already) if you
don't see the possibility to get the issues fixed for stable, or do you
consider the issues minor enough to ignore them for this time - but what
will happen when more severe ones pop up?

 Thanks,
Rhonda


