Hello,

On bug #1125042, Jeremy Bícha wrote:
> Leandro Cunha <[email protected]> wrote:
> > there's an interesting fix like #1123738.
>
> That particular fix appears to be small and could be pushed as a regular
> trixie update without backports.
> https://github.com/mrvladus/Errands/commit/04e567b4320

It seems like everyone has accidentally missed the mails I've been sending to that original report like https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738#17 (attached for your convenience). I'm invested in this issue as the original submitter and having articulated the security risks upstream.

Except for translation updates that TLS-related fix is the only substantial change in the newer upstream releases (because most upstream activity has shifted to the C rewrite), so I think going from 46.2.8 to 46.2.10 is appropriate for trixie-updates.

> [Jeremy] I don't have experience with Debian backports so I don't think I
> have the capacity to help you there. I can sponsor stable updates though.

I'm not a Debian Developer and don't have uploading rights for Errands, so if you would sponsor the final package upload, I'd love to take charge of all else:

• send a merge request in Salsa which I'm almost finished with to have 46.2.10 for Trixie
• ask the Release Team for approval for trixie-updates, with an assessment of the risks
  ◦ As a formality, I still need to hear back from the Security Team that this doesn't need to go into their queue instead https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123738#22

I do agree that this would be inappropriate as a backport.

Thank you

--- Begin Message ---
Thank you Matthias; I'm glad this issue was given scrutiny upstream and made into a new release which you uploaded to unstable. In my opinion, this is an important issue to fix in Trixie, and I think the upstream release should be appropriate as-is because it has minimal changes.

Do you plan to get Release Team approval to make an upload to trixie-(proposed-)updates? It would be smart to let it migrate to testing and sit there for a few days first, I suppose.

I can't make the official upload for this package as I'm not a Debian Developer, but if you would find it helpful, I'd be glad to stage changes on Salsa, test on Trixie, and secure Release Team approval for you. Let me know what your thoughts are.
--- End Message ---

