On Fri, Jun 05, 2015 at 03:58:23AM +0200, Daniele Tricoli wrote: > Hello, > > On Sunday 31 May 2015 12:00:17 Moritz Mühlenhoff wrote: > > What's the status? > > Sorry for the delay! I cherry picked and adapted the patch for pyjwt > version in Jessie. I worked on this branch: > https://anonscm.debian.org/viewvc/python-modules/packages/pyjwt/branches/0.2.1/ > > The package build fine (also twice in a row) in a pbuilder chroot. > > Luke, do you know if is there any test case for asymmetric keys > used as HMAC secrets? > > I have some questions (maybe d-mentors is the right place but : > 1. I have to use 0.2.1-1+deb8u1 as version, right?
Yes, that's correct. > 2. Since there is not a CVE, I have to mention > TEMP-0781640-F16931 in the changelog, right? Those TEMP IDs are not static, please rather mention https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/ as a reference. > 2. Can I ask to my sponsor to upload it on jessie-security? Yes, please. It needs to be build with "-sa" since pyjwt is new in the jessie-security suite. Cheers, Moritz _______________________________________________ Python-modules-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
