On Wed, Jun 21, 2017 at 12:35:43PM +0100, Simon McVittie wrote:
> On Wed, 21 Jun 2017 at 09:46:21 +0100, Simon McVittie wrote:
> > Security team: do you want a backport/DSA for stretch-security, or do
> > you consider the mitigations to be sufficient to fix this through
> > a stable update instead? I am hoping to get 0.8.7 into stretch r1 as a
> > stable update, but 0.8.6 contains unrelated bug fixes that I realise
> > you won't necessarily want in stretch-security (proposed-update tracked
> > at <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864028>).
>
> Here is a proposed minimal backport for stretch in case you want one.
> I have source and binaries for this ready for upload.
Please go ahead.
> Does the security
> archive still want source packages built with debuild -sa, and do you
> accept source-only uploads for stretch-security?
source only uploads should work fine, but you still need to include the
orig tarball if the package is new in the stretch-security suite (and
at this point almost everything is)
Cheers,
Moritz
