Hello Emilio and Security-Team, while preparing the stretch-security package for Thunderbird upstream has announced just right now via the private driver mailing list to stop the current automatic updates for 52.9.0 due a critical issue [1] that can bring in some data loss while working with attachments. So I decided to open a bug [2] with severity grave against the version of thunderbird in unstable to prevent the migration to testing for now.
But this means also we shouldn't deliver version 52.9.0 in any -security release for now. So I will not upload my prepared packages for stretch-security as I think Mozilla will provide a fix for the new issue within the next days. Or there are other objections? Am 07.07.18 um 10:54 schrieb Emilio Pozuelo Monfort: > Hi Carsten! > > On 07/07/18 10:17, Carsten Schoenert wrote: >> Hello Emilio, >> >> in the past I've also built the Thunderbird packages for >> jessie(-security) suite which is now covered by LTS. >> >> I can easily rebuild and upload the packages for jessie and Thunderbird >> now too but I'm not familiar with the needed steps and things inside the >> LTS team workflow. Guido gave me some hints but I guess it better to ask >> and clarify. >> >> I'm preparing right now the packages for stretch-security and will >> upload them over the weekend to security. So do you have an opinion on >> how to continue with Thunderbird for jessie-security? I'm fine if you >> want to do the packages for LTS on your own, the git tree for >> thunderbird is up to date for debian/sid. > > Since I had done the previous updates for wheezy, I did this one for jessie > since it's now LTS. The update is ready, I'm just waiting for the stretch > update > so that we don't end with a higher version in jessie if that gets delayed. I > will push the changes to the jessie branch when I upload it. I'm fine with this. > For future updates, if you want to prepare them that would be fine. If you > also > want to test and release them that's cool too. The final step is to announce > them (for which you need to grab a DLA number). I can explain you the steps to > do that, or again I or someone from the team could do it, as you prefer. If we can a have look at this at DebConf e.g. I gladly will follow any existing procedures if I know what and how to do. Maybe it is completely different with 60.x releases related to the needs for rustc and cargo and some time constrains on my side then, but this we will see once we are there. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1473893 [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903160 -- Regards Carsten Schoenert
