On Tue, 03 Sep 2013 15:06:14 +0200 Daniel Leidert wrote: [...] > Am Sonntag, den 25.08.2013, 12:19 +0200 schrieb Francesco Poli: [...] > > Could you please clarify the status of the bug? > > Thanks for your time! > > CCing release.d.o. > [...] > I'm hereby asking the release team how to proceed? The issue itself > seems to have been fixed inside Debian by fixing libgpgme++2, which has > already been done [3]. There might be third-party software out there > using libgpgme-pth.so or libgpgme++-pth.so. [...] > [3] http://packages.qa.debian.org/k/kdepimlibs/news/20130614T070347Z.html
Dear Daniel, first of all thanks for your kind reply. I waited some time before speaking again, as I was hoping to see some comments from other people, possibly members of the release team. Anyway, do I understand correctly that this issue has currently a practical impact only on boxes where non-packaged (== not included in Debian) programs or libraries which use libgpgme-pth.so or libgpgme+ +-pth.so are installed? Could you please confirm this? Please do not misunderstand me: I am not trying to argue about the severity of the bug (whether it is a Policy violation or not, and so forth...). I am just trying to clarify which users should avoid upgrading libgpgme11 because of this issue and which users may safely upgrade without worrying to break their systems. Please let me know. Thanks for your time. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
pgpaKoGQUkWBW.pgp
Description: PGP signature
