Re: squeeze-pu: package ftpd-ssl/0.17.32+0.3-1+deb6u1
On Wed, 2015-07-01 at 23:35 +0200, Mats Erik Andersson wrote: > Wednesday den 1 July 2015 klockan 21:26 skrev Thorsten Alteholz detta: > > Hi Mats, > > > > from my point of view it would be great to have this patch > > in oldoldstable as well. > > I did not understand that oldoldstable and squeeze-lts are > two separate distributions. They are, but... > > Some special infos about uploading can be found in [1]. > > In regard to your debdiff, the distribution should be > > squeeze-lts instead of squeeze. > > So, taking this a step further, suppose I manage to get the > updated package into oldoldstable/squeeze, would the change > be picked up automatically in squeeze-lts, or do you need me > to produce two packages, one stating "squeeze" in 'debian/changelog' > and the other "squeeze-lts"? ... squeeze is no longer updated. Uploads to squeeze or oldoldstable will be rejected by the archive. You only need a single upload, to squeeze-lts. Regards, Adam -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1435814199.8794.2.ca...@adam-barratt.org.uk
Re: squeeze-pu: package ftpd-ssl/0.17.32+0.3-1+deb6u1
Wednesday den 1 July 2015 klockan 21:26 skrev Thorsten Alteholz detta: > Hi Mats, > > from my point of view it would be great to have this patch > in oldoldstable as well. I did not understand that oldoldstable and squeeze-lts are two separate distributions. > Some special infos about uploading can be found in [1]. > In regard to your debdiff, the distribution should be > squeeze-lts instead of squeeze. So, taking this a step further, suppose I manage to get the updated package into oldoldstable/squeeze, would the change be picked up automatically in squeeze-lts, or do you need me to produce two packages, one stating "squeeze" in 'debian/changelog' and the other "squeeze-lts"? Best regards, Mats E Andersson -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150701213504.ga71...@aun.utmark.mea
Re: squeeze-pu: package ftpd-ssl/0.17.32+0.3-1+deb6u1
Hi Mats, On Tue, 30 Jun 2015, Mats Erik Andersson wrote: The corresponding debdiff is attached. Please inform me how approach this matter. from my point of view it would be great to have this patch in oldoldstable as well. Some special infos about uploading can be found in [1]. In regard to your debdiff, the distribution should be squeeze-lts instead of squeeze. Thorsten [1]https://wiki.debian.org/LTS/Development -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/alpine.deb.2.02.1507012115140.8...@jupiter.server.alteholz.net
Re: [PATCH] lts-cve-triage: allow to skip packages already in dla-needed.txt
On Mon, Jun 29, 2015 at 10:53:41PM +0200, Raphael Hertzog wrote: > Hi, > > On Fri, 26 Jun 2015, Guido Günther wrote: > > With lots of packages in dla-needed.txt it's easier to focus on CVEs of > > packages that are not being worked on at all. > > Looks fine to me. > > > for pkg in tracker.iterate_packages(): > > +if args.skip_dla_needed and pkg in tracker.dla_needed.keys(): > > Minor nitpick: The final .keys() is useless. "key in dict" does the same > as "key in dict.keys()" in a more efficient way. Old habits die hard. Applied with the nit fixed. Cheers, -- Guido > > Cheers, > -- > Raphaël Hertzog ◈ Debian Developer > > Support Debian LTS: http://www.freexian.com/services/debian-lts.html > Learn to master Debian: http://debian-handbook.info/get/ > -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150701075844.ga9...@bogon.m.sigxcpu.org
Re: debdiff for CVE-2015-3206 (pykerberos)
On Tue, Jun 30, 2015 at 09:14:14PM +, Mike Gabriel wrote: > Hi Guido, > > I just saw that you are co-maintainer of pykerberos. I realized after I had > already put my name behind the package name in dla-needed.txt. > > As you are also on the LTS team, do you want to continue with uploading the > package? Or shall I see to the upload and DLA? Maybe you just want to take a > quick look and let me proceed. Please let me know your preferences here. Go ahead, you've done most of the work already. I had a look at the code on github when triaging the bug and it looked correct then but can break existing applications if we leave the default of verify == True (as noted in the CVE list). Cheers, -- Guido -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150701070536.gb3...@bogon.m.sigxcpu.org
