Hi Robie,

On Thu, Jan 21, 2016 at 09:46:13AM +0000, Robie Basak wrote:
> Dear Security Team,
>
> You have asked us to be prompt with helping to prepare security updates
> for you, and we have done so. We have kept the bug updated like you
> asked us last time. The sources are tested and ready. We notified the
> bug as requested, but haven't heard from you. Please let us know how you
> want to coordinate uploading this.

Thanks for preparing an update. We usually would see a debdiff from the
resulting built package (in case of a new upstream import this can get
big, so some autogenerated files can be filtered out).

We have collected important information for us in advisory preparation
in https://wiki.debian.org/DebianSecurity/AdvisoryCreation, especially
relevant from the developer's point of view preparing the update:
https://wiki.debian.org/DebianSecurity/AdvisoryCreation/SecurityDev .

The changelog itself looks good to me from a quick skim through. It
addresses all the information we would like to have seen there (CVE
references, bug fixed, reference to Oracle CPU). Thank you.

Important question first: What is the status for the wheezy-security
package for those issues?

Please make sure of the following: Once you have both, build the
jessie-security one with -sa to include the original orig.tar.gz and the
wheezy-security one explicitly without -sa to not include the orig
source tarball.

Then we need a bit of coordination for the upload order, since mysql-5.5
is a special case with the same source orig.tar.gz for both wheezy and
jessie. Someone of your team with a GPG key in the DD keyring might then
upload first the jessie-security one to security-master, and after it
gets accepted there, upload the wheezy-security one.

Regards,
Salvatore
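A pre-upload check for the -sa rule described in the message above, as an added example that is not part of the original mail or of any Debian tooling: it reads the `Files:` field of each source `.changes` file and confirms that the jessie-security upload carries the orig tarball while the wheezy-security one does not. The function names are hypothetical, and the sample `.changes` contents (version `5.5.X`, checksums, sizes) are constructed placeholders.

```python
import re

# Upstream tarballs look like <source>_<upstream>.orig.tar.gz (or .orig-<component>.tar.*)
ORIG_RE = re.compile(r"\.orig(-[A-Za-z0-9-]+)?\.tar\.(gz|bz2|xz|lzma)$")

def parse_changes(text):
    """Return (distribution, filenames listed in the Files: field) of a .changes file."""
    dist, names, in_files = None, [], False
    for line in text.splitlines():
        if line.startswith("Distribution:"):
            dist = line.split(":", 1)[1].strip()
        if line.startswith("Files:"):
            in_files = True
        elif in_files and line.startswith(" ") and line.strip():
            names.append(line.split()[-1])  # md5 size section priority filename
        else:
            in_files = False  # blank line or next field ends the Files: block
    return dist, names

def check_upload(text, expected_dist, want_orig):
    """List the problems found in one .changes file (empty list means OK)."""
    dist, names = parse_changes(text)
    has_orig = any(ORIG_RE.search(n) for n in names)
    problems = []
    if dist != expected_dist:
        problems.append(f"distribution is {dist!r}, expected {expected_dist!r}")
    if has_orig != want_orig:
        problems.append("orig tarball missing (build with -sa)" if want_orig
                        else "orig tarball included (build without -sa)")
    return problems

def check_pair(jessie_changes, wheezy_changes):
    """Apply the rule from the mail: orig tarball in jessie-security only."""
    return {"jessie-security": check_upload(jessie_changes, "jessie-security", True),
            "wheezy-security": check_upload(wheezy_changes, "wheezy-security", False)}

MD5 = "0" * 32  # constructed placeholder checksum
JESSIE = f"""Format: 1.8
Source: mysql-5.5
Distribution: jessie-security
Files:
 {MD5} 1000 database optional mysql-5.5_5.5.X-0+deb8u1.dsc
 {MD5} 2000 database optional mysql-5.5_5.5.X.orig.tar.gz
 {MD5} 3000 database optional mysql-5.5_5.5.X-0+deb8u1.debian.tar.xz
"""
WHEEZY = f"""Format: 1.8
Source: mysql-5.5
Distribution: wheezy-security
Files:
 {MD5} 1000 database optional mysql-5.5_5.5.X-0+deb7u1.dsc
 {MD5} 3000 database optional mysql-5.5_5.5.X-0+deb7u1.debian.tar.xz
"""
```

Calling `check_pair()` on the text of the two real `.changes` files before uploading returns an empty problem list for each suite when the builds match the requested layout.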