On Wed, 07 Dec 2016 at 07:46:06 +0100, Vincent Bernat wrote: > ❦ 7 décembre 2016 00:30 +0100, Guilhem Moulin <guil...@guilhem.org> : > >>> Version: 1.1.4+dfsg.1-1~bpo8+1 >>> […] >>> So probably it is important to update to upstream version 1.2.3 >> >> Unfortunately 1.2.x has many dependencies that aren't in >> jessie-backports yet. I personally don't have the time nor energy to >> maintain said dependencies, so we asked backports folks for an exception >> to stick to 1.1.x for the bpo version, exception which was rejected. >> I'm afraid the remaining alternative is to take remove the package from >> jessie-backports :-( > > Since the problem is quite serious, could you push the fix in bpo8+2 > nonetheless? Then wait a bit before asking for removal from backports to > let actual users get an updated version. It seems far better than just > leaving some people with vulnerable versions on their systems.
Just tagged and pushed ‘debian/1.1.5+dfsg.1-1_bpo8+2’. Note that I moved jessie-backports's HEAD to its parent first as is was on debian/1.1.6+dfsg.1-1_bpo8+1 which didn't make it to bpo. Running git branch jessie-backports debian/1.1.5+dfsg.1-1_bpo8+1 before pull should fix this. Sorry for the inconvenience. -- Guilhem.
signature.asc
Description: PGP signature