Hi Sean,
On Fri, Oct 27, 2023 at 04:08:36PM +0100, Sean Whitton wrote:
> [attempt to resend to correct list address]
>
> Hello,
>
> I am trying to backport the fix for CVE-2020-25648 to nss version 3.42.1
> in Debian 10, "buster". Unfortunately, the four tests added by the fix
> do not pass.
>
[attempt to resend to correct list address]
Hello,
I am trying to backport the fix for CVE-2020-25648 to nss version 3.42.1
in Debian 10, "buster". Unfortunately, the four tests added by the fix
do not pass.
Would someone be able to take a look at the test output, please?
Perhaps the failed tes
Hello,
I am trying to backport the fix for CVE-2020-25648 to nss version 3.42.1
in Debian 10, "buster". Unfortunately, the four tests added by the fix
do not pass.
Would someone be able to take a look at the test output, please?
Perhaps the failed test does not indicate that the fix is ineffecti
>Uploads to unstable require maintainer coordination. That alone has the
>potential to introduce a delay (e.g., in the case of an unresponsive
>maintainer).
That sounds easily solvable by allowing a DELAYED/2 NMU or something for
security fixes.
However, such a policy would only work if we have
On Thu, Oct 26, 2023 at 10:21:52PM +0200, Ola Lundqvist wrote:
> This means that it may be a good practice in certain cases, but not a
> general rule.
i'd phrase the other way around exactly.
also, speed matters for high security issues but very much less so for
no-dsa classes of issues.
--
ch