Antoine Beaupré writes:
> I wonder if some of that stuff should be automated. I am fairly new with
> the security process, how often do mistakes like this happen anyways?
>
> And how hard would it be to automate this?
I would suggest a move useful thing to automate would
> Inline signing is not mandatory (I use MIME-signing with mutt) but
> there are enough cases where MIME-signing does not work properly
I've also found MIME-signing to be unreliable so I now use inline-signing by
default when posting to debian-lts-announce.
(My tip is to BCC your personal email
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: libgd2
Version: 2.0.36~rc1~dfsg-6.1+deb7u3
CVE ID : CVE-2015-8874
Debian Bug : 824627
It was discovered that there was a stack consumption vulnerability
in the libgd2 graphics library which allowed remote
On Wed, 18 May 2016, Antoine Beaupré wrote:
> On 2016-05-18 03:45:57, Raphael Hertzog wrote:
> > On Tue, 17 May 2016, Antoine Beaupré wrote:
> >> It would be great to have better consistency here.
> >
> > Yes, just like we ensure that we get an Accepted mail before sending the
> > DLA, we must
Hi,
* Holger Levsen [2016-05-19 13:45:56 CEST]:
> appearantly some maintainers don't want to support backports in
> wheezy-backports anymore, saying wheezy is oldstable now (und
> unsupported by Debian proper, "just" maintained by the Debian LTS team.)
That's fine
On Thu, May 19, 2016 at 11:45:56AM +, Holger Levsen wrote:
> Alternativly, the backports maintainers would need to agree to maintain
> those backports for two more years.
which should be rather easy by uploading the jessie version to
wheezy-backports and following up with backporting jessie
Hi,
appearantly some maintainers don't want to support backports in
wheezy-backports anymore, saying wheezy is oldstable now (und
unsupported by Debian proper, "just" maintained by the Debian LTS team.)
In a way, that's a fair stand, as when they agreed to support the backport
for the life time
Hi Guido,
On Thu, May 19, 2016 at 08:11:37AM +0200, Guido Günther wrote:
> On Wed, May 18, 2016 at 03:12:23PM -0400, Antoine Beaupré wrote:
> > On 2016-03-29 16:28:36, Antoine Beaupré wrote:
> > > On 2016-03-26 04:33:29, Guido Günther wrote:
> > >> Thanks for reviewing this! I was about to look
On Wed, May 18, 2016 at 03:12:23PM -0400, Antoine Beaupré wrote:
> On 2016-03-29 16:28:36, Antoine Beaupré wrote:
> > On 2016-03-26 04:33:29, Guido Günther wrote:
> >> Thanks for reviewing this! I was about to look into more recent nss
> >> issues after handling dhcpcd but since you're at it, go