Hi Antoine, sorry for my silence on this. I've been pondering what the best cause of action would be, whether I should defer the final decision to Raphael, or decide on my own.
On Tue, Jan 29, 2019 at 01:48:18PM -0500, Antoine Beaupré wrote:
> On 2019-01-22 15:21:19, Daniel Kahn Gillmor wrote:
> > If i was responsible for maintaining jessie, i'd prefer to go the route
> > of the backported fixes, but i don't have the capacity to spend a lot of
> > time on jessie itself, so i guess my preferences should be weighed
> > accordingly.
>
> So I understand where you're coming from. As you suggested, however, I
> feel I should give more weight to my LTS and security team members in
> this specific case. If this was just enigmail and gpg, I would
> definitely defer to you as you are a core maintainer of those packages.
agreed (on both).
> The update touches much more than the gpg toolchain. I don't feel
> comfortable spending more time testing the repercussions of the change
> throughout the ever expending dependencies of gcrypt.
>
> So I will look at sending a EOL announcement on the mailing list soon,
> and do the required debian-security-support changes as well, unless
> someone objects by the end of the week. It's too bad all this work will
> get lost, but I don't have the energy to push this one against the tide
> anymore. And if someone would or could have picked it up, they would
> have done so already.
I (now) think that's a sensible cause of action.
I also think enigmail should be marked as not security supported in jessie
(anymore) in src:debian-security-tracker.
> The best course, at this point, seems to let this die already.
yes, as sad as it is that you spend quite some time on this...
& thank you for all your work on this, even if mostly in vain!
--
tschüß,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
signature.asc
Description: PGP signature
