Re: [Fwd: Re: Tomb package 2.5 > 2.6]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi SZ, thanks for your review and thoughts Sven Am Samstag, den 05.10.2019, 20:43 +0800 schrieb SZ Lin (林上智): > Hi Sven, > > Sven Geuer 於 2019年10月4日 週五 上午3:12寫道: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > Hi Team, > > > > I received a request to bring tomb 2.6 to buster (see forwarded > > mail > > below). I believe backports is the way to go. Do you agree? > > I've skimmed the commits between 2.5 and 2.6, and many commits are > not related to security fixes. Therefore, I think buster-backport is > more > suitable for this case if you want to use tomb 2.6 in Debian 10. > > Moreover, if there is any specific security issue (e.g., CVE) need to > be fixed, > the buster-security is the way. > > SZ > > > @Dmitry: I'm not sure why you consider tomb 2.6 a security update. > > Anyway, to emphasize your request I suggest you open up a whishlist > > bug > > against tomb. > > > > Sven > > > > - Weitergeleitete Nachricht > > Von: Dmitry Elmanov > > An: Sven Geuer > > Betreff: Re: Tomb package 2.5 > 2.6 > > Datum: Thu, 3 Oct 2019 14:11:22 +0300 > > > > > Dear Sven > > > > > > Tomb 2.6 safely settled in the Testing. Thank you. > > > In my opinion, there are all signs that version 2.6 > > > is a "security update", and therefore may come to > > > a stable branch. Is it possible? Or backports...? > > > > > > Best regards, > > > Dmitry Elmanov > > > > > -BEGIN PGP SIGNATURE- > > > > iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl2WRakACgkQrfUO2vit > > 1YWS7g/9HoeQkkz14koe0iBfC6pqDFxgkLyFcdB4GOUF6eu3A6kHdSsfYDj4g33F > > kUwANU2aZ3ep3plkb6bS5SmpDRt3g1Mwvd+za0rlQNyEu2lnbqOUZKEqpcRg4xl7 > > BLkbevYeDCc36WOg2GgxtaQ0+PBeVTl0k19jeQgP0CIHcwKDGt3wkjS89NAsanqn > > IICiP3sLN3yFWtpPiK6KkUrQ0P2hCU7xDSdutKxNw0uRLzGL7iemX8vmD+SzjCDe > > QtZaY2HW3lrMPcPjWgbmj90y4wsufuEWduKGJSl0XWXDX/vhGQLBFOJMCb2C19lV > > kASTBzcldhxLakqeOkW4GomS2GajO1TQ//mY8P2/KIYjlIxEmt8XUxWjm3CU/F+O > > khPrC8ZNZ6eW+kf+Xw7suKKnTirSI5MvWKtnJRklh/ufVXlEY5ALAz/enesKQ6jx > > bMz4FwMM1amvc5qlsKOlFHMLUuDP2KxmHvcum5aZnbs0M5VLETviRKcRSrOWh9Yh > > YkB/scyHS0CYHDgOr1umpEeV7XcQSmlOpx6/yb3m4UrVnSMeCHCZI5tjSb43NFo2 > > yb3gjduPCsXJ0/Snpyw7MXeKemtFV4RJXp20StKokAB+bjyDVkhILDLTaay/Iw5t > > FvZPz0+s4NY8f547dRpofbjVdPbnulFlNP8Fgu2FN+oZr4b2NXM= > > =a+4B > > -END PGP SIGNATURE- > > -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl2aVlEACgkQrfUO2vit 1YXsVw/9FdpZ6LMpTkF04OoyvLvi5H7l/++WOKZ2+B2iwjAYmkzeGq2Yz6V7sYBy yCZdVSl8KJ61OBdeh9g+mErfhnTh+MrOkce2P5mKG4bdNPzM9mZ+lxX6Dz6DbXl+ 6RYKWPIb6BarC5DbN31ncIqwnjZts1r7WmDRobF+aTd49OMg0zk6fwSBwHbyc9Au 6vkg9/cQrjTPCLhm9b+P+2fJiNbi5DWa5EsMZfVlHrYdpP5jd9kOw4fInDUhYoLF cfKMIvMdb2uVkkv+DPUy7BlWQ5bVjkxT8pYM4ybHuXC7v+8JME3PB0a4o/W49/yb CgKsOGgYIg1N6mC5sWoQ1M/z0QNSOGajc45S6FFtLAvz3Rk/9kpWmkBP0bcvneED 1rOQ2BcNpXK2jyw5lP06Ja3pSOMidGEDL/PQ/gNHuS4sA0ScqOuNoPjW/ikveE2Y bYMwQu+BnLbPgVBBjNcvUr0aS2zcfzXFY0oLbLvRTqZGbfkO+eWq16d15vU0eXHt Q1spwH6ckzpYr5Tt8Hj1qGkHIELmINZ2vVeCqZJd+zvQ5UiHvjQcheRLfPypjdgK 7ikpvRWYkVGsw/W1ljkjJDcYpQ2zyc+Xpdl9mUkcOI4uWsHegrOrdkTfZekZmfel 6zERY6rH4Z5GexfNBDoaHLAONY0mJuQgP4hktldyL0HSmjcsyh0= =o2KR -END PGP SIGNATURE-
Re: [Fwd: Re: Tomb package 2.5 > 2.6]
Hi Sven, Sven Geuer 於 2019年10月4日 週五 上午3:12寫道: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Hi Team, > > I received a request to bring tomb 2.6 to buster (see forwarded mail > below). I believe backports is the way to go. Do you agree? I've skimmed the commits between 2.5 and 2.6, and many commits are not related to security fixes. Therefore, I think buster-backport is more suitable for this case if you want to use tomb 2.6 in Debian 10. Moreover, if there is any specific security issue (e.g., CVE) need to be fixed, the buster-security is the way. SZ > > @Dmitry: I'm not sure why you consider tomb 2.6 a security update. > Anyway, to emphasize your request I suggest you open up a whishlist bug > against tomb. > > Sven > > - Weitergeleitete Nachricht > Von: Dmitry Elmanov > An: Sven Geuer > Betreff: Re: Tomb package 2.5 > 2.6 > Datum: Thu, 3 Oct 2019 14:11:22 +0300 > > > Dear Sven > > > > Tomb 2.6 safely settled in the Testing. Thank you. > > In my opinion, there are all signs that version 2.6 > > is a "security update", and therefore may come to > > a stable branch. Is it possible? Or backports...? > > > > Best regards, > > Dmitry Elmanov > > > > > > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl2WRakACgkQrfUO2vit > 1YWS7g/9HoeQkkz14koe0iBfC6pqDFxgkLyFcdB4GOUF6eu3A6kHdSsfYDj4g33F > kUwANU2aZ3ep3plkb6bS5SmpDRt3g1Mwvd+za0rlQNyEu2lnbqOUZKEqpcRg4xl7 > BLkbevYeDCc36WOg2GgxtaQ0+PBeVTl0k19jeQgP0CIHcwKDGt3wkjS89NAsanqn > IICiP3sLN3yFWtpPiK6KkUrQ0P2hCU7xDSdutKxNw0uRLzGL7iemX8vmD+SzjCDe > QtZaY2HW3lrMPcPjWgbmj90y4wsufuEWduKGJSl0XWXDX/vhGQLBFOJMCb2C19lV > kASTBzcldhxLakqeOkW4GomS2GajO1TQ//mY8P2/KIYjlIxEmt8XUxWjm3CU/F+O > khPrC8ZNZ6eW+kf+Xw7suKKnTirSI5MvWKtnJRklh/ufVXlEY5ALAz/enesKQ6jx > bMz4FwMM1amvc5qlsKOlFHMLUuDP2KxmHvcum5aZnbs0M5VLETviRKcRSrOWh9Yh > YkB/scyHS0CYHDgOr1umpEeV7XcQSmlOpx6/yb3m4UrVnSMeCHCZI5tjSb43NFo2 > yb3gjduPCsXJ0/Snpyw7MXeKemtFV4RJXp20StKokAB+bjyDVkhILDLTaay/Iw5t > FvZPz0+s4NY8f547dRpofbjVdPbnulFlNP8Fgu2FN+oZr4b2NXM= > =a+4B > -END PGP SIGNATURE- >
[Fwd: Re: Tomb package 2.5 > 2.6]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi Team, I received a request to bring tomb 2.6 to buster (see forwarded mail below). I believe backports is the way to go. Do you agree? @Dmitry: I'm not sure why you consider tomb 2.6 a security update. Anyway, to emphasize your request I suggest you open up a whishlist bug against tomb. Sven - Weitergeleitete Nachricht Von: Dmitry Elmanov An: Sven Geuer Betreff: Re: Tomb package 2.5 > 2.6 Datum: Thu, 3 Oct 2019 14:11:22 +0300 > Dear Sven > > Tomb 2.6 safely settled in the Testing. Thank you. > In my opinion, there are all signs that version 2.6 > is a "security update", and therefore may come to > a stable branch. Is it possible? Or backports...? > > Best regards, > Dmitry Elmanov > > > -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAl2WRakACgkQrfUO2vit 1YWS7g/9HoeQkkz14koe0iBfC6pqDFxgkLyFcdB4GOUF6eu3A6kHdSsfYDj4g33F kUwANU2aZ3ep3plkb6bS5SmpDRt3g1Mwvd+za0rlQNyEu2lnbqOUZKEqpcRg4xl7 BLkbevYeDCc36WOg2GgxtaQ0+PBeVTl0k19jeQgP0CIHcwKDGt3wkjS89NAsanqn IICiP3sLN3yFWtpPiK6KkUrQ0P2hCU7xDSdutKxNw0uRLzGL7iemX8vmD+SzjCDe QtZaY2HW3lrMPcPjWgbmj90y4wsufuEWduKGJSl0XWXDX/vhGQLBFOJMCb2C19lV kASTBzcldhxLakqeOkW4GomS2GajO1TQ//mY8P2/KIYjlIxEmt8XUxWjm3CU/F+O khPrC8ZNZ6eW+kf+Xw7suKKnTirSI5MvWKtnJRklh/ufVXlEY5ALAz/enesKQ6jx bMz4FwMM1amvc5qlsKOlFHMLUuDP2KxmHvcum5aZnbs0M5VLETviRKcRSrOWh9Yh YkB/scyHS0CYHDgOr1umpEeV7XcQSmlOpx6/yb3m4UrVnSMeCHCZI5tjSb43NFo2 yb3gjduPCsXJ0/Snpyw7MXeKemtFV4RJXp20StKokAB+bjyDVkhILDLTaay/Iw5t FvZPz0+s4NY8f547dRpofbjVdPbnulFlNP8Fgu2FN+oZr4b2NXM= =a+4B -END PGP SIGNATURE-