Re-ping, given that we're less than three weeks from the final bullseye point release.
Regards, Adam On Mon, 2024-07-08 at 19:24 +0100, Jonathan Wiltshire wrote: > Hi, > > Ping on this? Adding the maintenance list as well. > > Thanks. > > On Sat, Aug 05, 2023 at 11:05:52PM +0200, Moritz Mühlenhoff wrote: > > Am Mon, Jul 31, 2023 at 08:05:29AM +0100 schrieb Jonathan > > Wiltshire: > > > Hi, > > > > > > On Mon, Jul 04, 2022 at 07:36:12PM +0100, Adam D. Barratt wrote: > > > > Control: retitle -1 RM: obfs4proxy -- RoM; security issues > > > > Control: tags -1 + moreinfo > > > > > > > > On Sat, 2022-03-26 at 21:21 +0100, Paul Gevers wrote: > > > > > Control: tag -1 bullseye > > > > > > > > > > Hi Ana, > > > > > > > > > > On 23-03-2022 13:13, Ana Custura wrote: > > > > > > Opening this bug after a recomendation from debian- > > > > > > security. > > > > > > Version 0.0.8 of obfs4proxy has a security bug, which has > > > > > > only been > > > > > > fixed in a later > > > > > > version (0.0.13, see bug number #1004374), and also suffers > > > > > > from > > > > > > incompatibilty issues > > > > > > with later versions of the package. Version 0.0.13 is > > > > > > already in > > > > > > bullseye-backports. > > > > > > > > > > So this want's removal from bullseye, setting the right tag > > > > > to have > > > > > it on the radar of the SRM. > > > > > > > > obfs4proxy has a reverse-dependency in bullseye: > > > > > > > > Checking reverse dependencies... > > > > # Broken Depends: > > > > onionshare: onionshare > > > > > > > > Dependency problem found. > > > > > > This remains unresolved - obfs4proxy cannot be removed while > > > onionshare > > > depends on it. Security team - is removal your recommendation? > > > How can the > > > dependency be resolved? > > > > Let's add the onionshare maintainer to CC. > > > > In #1004375 onionshare demoted the dependency on obfs4proxy to a > > Recommends, > > can we apply the same to onionshare 2.2 from Bullseye? > > > > Cheers, > > Moritz >
