Hi Samuel, On Sun, Jun 6, 2021 at 4:40 AM Samuel Henrique <samuel...@debian.org> wrote: > Is the LTS team interested in the fix? It's for a critical issue on > one script provided by the package, reported at #908623 and #932711: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908623 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932711 > > You can read more details about the fix and the general description of > the issue at the stretch-pu request #989502: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989502
Okay, reading through the bugs, it does make sense to fix it, but.. Is this package in a completely useless state w/o this? Alternatively, if this isn't fixed, will it have a high impact, et al? > If you believe it makes sense to fix this for stretch (without a DLA), > can you give me instructions on how to proceed or take over? Each update to stretch goes through the -security pocket and needs a DLA, irrespective of whether it's a security bug or not. In the past, we've fixed some non-security bugs[1], but we only fix them if the severity is high & the package is in a broken state altogether. [1]: https://lists.debian.org/debian-lts-announce/2021/03/msg00016.html So let me know if what you think about the questions above & we can take it from there? I'm also CC'ing Emilio, currently at FD, to TAL. - u
