Control: tags -1 moreinfo d-i

Hi Ondřej,

On 29-04-2021 12:19, Ondřej Surý wrote:

This is a confusing debdiff.

> [ Reason ]
> Upstream security release update of the bind9 package.

 136 files changed, 7112 insertions(+), 10801 deletions(-)

Really? All that for a security release?

> [ Impact ]
> 3 grave security issues would affect users.

I *guess* the changes were large/distributed? Have you considered
applying targeted fixes? Were all those 7000/10000 line changes needed
to fix these three grave bugs?

> [ Tests ]
> Upstream has extensive unit and system test suite.
> 
> [ Risks ]
> (Discussion of the risks involved. E.g. code is trivial or
> complex, key package vs leaf package, alternatives available.)
> 
> [ Checklist ]
>   [x] all changes are documented in the d/changelog
>   [x] I reviewed all changes and I approve them

All 7112/10801 lines?

>   [x] attach debdiff against the package in testing
> 
> [ Other info ]
> Patches to put limits on NSEC3 SHA1 iterations according to the I-D
> draft-hardaker-dnsop-nsec3-guidance were pulled into the package.

I have no clue what this is and how important it is. Is this in line
with our freeze policy? Can you share some references?

Obviously we want grave bugs fixed, but isn't that possible with
something in line with our freeze policy? If you think this *is* in
line, maybe answering the questions in our FAQ [1] can help you to let
us understand. But so far, it doesn't look like this is acceptable.

Paul

[1] https://release.debian.org/bullseye/FAQ.html section "I want to add
a new upstream release, is that possible?"
