On Fri, 2018-10-05 at 17:48 -0500, Daniel Kahn Gillmor wrote: > I'd like to update the version of GnuPG in debian stable with a > series of targeted bugfixes (most of which are backported from > upstream). [...] > I note that this is *not* itself a security fix -- these fixes do not > address a specific vulnerability in stretch's version of GnuPG. > However, they do have security implications for stretch, because they > are needed in order to support enigmail since the thunderbird 60 > upgrade. > > If the release team or the security team (x-debbug-cc'ed here) would > prefer that we handle this via stretch-security instead of > stretch-proposed-updates, that's fine with me: please let me know.
Any chance of an explicit opinion from the Security Team here? [CCed] Regards, Adam
