On Sat, Oct 20, 2018 at 10:43:31AM +0100, Adam D. Barratt wrote: > On Fri, 2018-10-05 at 17:48 -0500, Daniel Kahn Gillmor wrote: > > I'd like to update the version of GnuPG in debian stable with a > > series of targeted bugfixes (most of which are backported from > > upstream). > [...] > > I note that this is *not* itself a security fix -- these fixes do not > > address a specific vulnerability in stretch's version of GnuPG. > > However, they do have security implications for stretch, because they > > are needed in order to support enigmail since the thunderbird 60 > > upgrade. > > > > If the release team or the security team (x-debbug-cc'ed here) would > > prefer that we handle this via stretch-security instead of > > stretch-proposed-updates, that's fine with me: please let me know. > > Any chance of an explicit opinion from the Security Team here? [CCed]
That's all bugfixes related to enabling Enigmail and nothing in their is itself security-related, so I think that's something for the point update, not security.debian.org Cheers, Moritz