Hi, Am Dienstag, den 18.04.2017, 08:19 +0000 schrieb Niels Thykier: > Moritz Muehlenhoff: > > On Fri, Apr 07, 2017 at 02:48:50PM +0200, Benjamin Drung wrote: > > > Package: release.debian.org > > > Severity: normal > > > User: release.debian....@packages.debian.org > > > Usertags: unblock > > > > > > Please unblock package salt > > > > > > 2016.11.2 is a bug-fix release for the 2016.11 series. It > > > contains > > > security fixes for CVE-2017-5192 and CVE-2017-5200. > > > > So what's the plan for stretch-security? Are the salt maintainers > > commiting > > to preparing security updates for it's lifetime? If not (as it > > happened for > > jessie), stable is better off without it. > > > > Cheers, > > Moritz > > > > Hi Benjamin, > > We are waiting for you to reply to the above mail before we can > process > this unblock request.
The jessie release predates my involvement in maintaining salt. I just looked at the open security issues for jessie and send a debdiff to the security team to fix most of them (one isn't easy to backport). I will do my best to prepare security updates for stretch's lifetime. Upstream will probably support the 2016.11 branch for one year or longer. After that, backports should be doable for most issues. -- Benjamin Drung System Developer Debian & Ubuntu Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Email: benjamin.dr...@profitbricks.com URL: http://www.profitbricks.com Sitz der Gesellschaft: Berlin. Registergericht: Amtsgericht Charlottenburg, HRB 125506B. Geschäftsführer: Andreas Gauger, Achim Weiss.
