On 09/14/2011 07:25 AM, Steve Langasek wrote:
> Public bug reported:
> 
> The dtc source package has never been included in a Debian release

That's wrong, it was, and it still is, in Lenny.

> because it persistently has release-critical bugs in Debian

No, it is not in Squeeze *because I asked for that*, since I didn't want
to maintain version 0.30.0, and the release team refused to accept
version 0.32 because it was too late in the freeze.

>  http://bugs.debian.org/src:dtc
> 
> The Debian security team has recently requested the package's removal
> from Debian altogether as a result.

1/ This is *not* the security team who made such a request. Mike is from
the release team.
2/ The removal request is mainly because of policy compliance issues.

>   http://bugs.debian.org/637509
> 
> The package has still not been removed because the package maintainer
> objects and believes it's fine to keep it unreleased in unstable while
> he works on the security issues.

I think you don't understand at all what's happening. Absolutely *all*
of the release-critical bugs have been dealt with, in both SID and in
old-stable. Bugs are still open because the old-stable packages haven't
yet reached the security mirrors.

#637509 has been opened merely because of an opinion from Mike O'Connor
that he thinks more security issues will be found.

> However, failing to propagate to
> testing doesn't keep the package out of Ubuntu releases; dtc has been
> included in every Ubuntu release since at least hardy, carrying
> significant security vulnerabilities.

Which I systematically addressed by giving security updates. Please see
the package history. I'm currently working on Ubuntu security releases,
you can already use version 0.34.1 and 0.29.18, and I will be
backporting bug fixes for other Ubuntu versions.

> As suggested by Scott Kitterman, I therefore intend to remove dtc from
> oneiric and blacklist it to prevent it from being reintroduced
> accidentally.

It would have been nice to get in touch with me first...

Thomas Goirand (zigo)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/849544

Title:
  remove dtc from oneiric and blacklist: multiple security and policy
  bugs

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dtc/+bug/849544/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
