On Thu, 28 Aug 2025 at 16:39, Jon Turney wrote: > > On 28/08/2025 15:07, Jeffrey Altman via Cygwin wrote: > > On 8/28/2025 9:44 AM, Michael Cook via Cygwin wrote: > >> Apparently, there's a critical security vulnerability in git. > >> > >> https://github.blog/open-source/git/git-security-vulnerabilities- > >> announced-6/ > >> > >> Cygwin is currently at 2.45.1. > >> We're being urged to upgrade to 2.50.1. > > > > 2.45.4 is available as a security fix release for the 2.45 version if > > Cygwin wishes a smaller update. > > Hi Adam, > > I hope you are well. > > A couple of people have raised concerns about vulnerabilities in the > current cygwin git package, i.e: > > https://cygwin.com/pipermail/cygwin/2025-August/258716.html > https://cygwin.com/pipermail/cygwin/2025-August/258722.html > > > I notice that while you are still the maintainer of record for git, you > haven't been active for over a year, so it would help at lot if you > could let me know your intentions here. > > Please let me know if you want to orphan it and/or all your other packages. > > In any case, thanks for all your work on git in the past.
Hullo, I've been intending to update the Git packages -- and many of the others -- Any Day Now for over a year (I just checked and that job has been on my to-do list since 1 June 2024...). I'm still intending to do that, and had bumped it up my priority list in response to these emails, but I'm very grateful to Achim to sorting out the NMU to resolve these requests! If there's someone else who's interested in taking over, I'd be more than happy to hand the baton over for any of these packages. Equally, I'm happy for my name to continue to be listed against them and I'll update them when I manage it. I am still following the mailing lists, but realistically I wasn't going to manage my own upload for this until late September thanks to various other bits of personal life needing to take priority. Adam
