On Fri, Nov 15, 2019 at 08:42:59PM +0000, Holger Levsen wrote: > On Thu, Nov 14, 2019 at 01:51:46PM -0500, Roberto C. Sánchez wrote: > > > I had not yet seen this message so I already submitted a MR. Should I > > > close that and make a direct commit? > > I believe you did this now, but in any case: yes, please. > Yes, that is done.
> > - Any feedback on this proposed DLA text? > > a.) very cool! > > > Package : debian-security-support > > Version : 2019.11.15~deb8u1 > > > > > > debian-security-support, the Debian security support coverage checker, > > has been updated in jessie. > > > > This marks the end of life of the libqb package in jessie. A recently > > reported vulnerability against libqb which allows users to overwrite > > arbitrary files via a symlink attack cannot be adequately addressed in > > libqb in jessie. Upstream no longer supports this version and no > > packages in jessie depend upon libqb, thus making it a leaf package. > > b.) I would drop the 'thus making it a leaf package.' half-sentence and > it conveys no relevant information. > I have updated my draft. When I upload to jessie a bit later on tonight I will release the DLA with the updated wording. > & thanks again for taking care of the d-s-s upload! > My pleasure. Regards, -Roberto -- Roberto C. Sánchez