Control: tag -1 = jessie pending On Sun, Jan 17, 2016 at 23:41:09 +0100, Gaudenz Steinlin wrote:
> > Control: clone 784373 -1 > Control: retitle -1 jessie-pu: package ceph/0.80.7-2+deb8u1 > Control: retitle 784373 jessie-pu: package ceph/0.80.11-1 (pre approval) > > Hi > > Gaudenz Steinlin <gaud...@debian.org> writes: > > > Hi Julien > > > > Do you need any additional information? I would like to have a decision > > on this soon as I really want to get at least CVE-2015-5245 fixed in the > > next Debian stable release. This is a minor security issue which was > > defered by the Security Team to a stable update and there was no DSA > > issued for it. > > > > To be able to prepare the upload for the stable release I need to know > > if you agree to follow the upstream maintenance releases or if I have to > > do an upload with only the security issue fixed. If I got the timing > > right, the next point release is still scheduled for 24th January. So > > there is only little time left to prepare the upload. > > > > As this is now undecided for quite a long time I would even prefer a NACK > > to having this unresolved any longer if you don't feel comfortable with > > the idea of having the maintenance releases in stable. This way I at > > least know that I don't have to bother anymore. > > > > If you don't want to rush things but are in gernal fine with the idea. > > I'm also fine with only fixing the security bug now as the time is quite > > tight and uploading 0.80.11 for the Debian 8.4 point release. > > As I did not get any feedback I have now uploaded ceph/0.80.7-2+deb8u1 > with only the security bug fixed. I think this is really the minimum > that should go into the next stable point release and I don't think > there is any concern about this. I cloned the original bug report to > track this jessie-pu request. The debdiff to the version currently in > stable is attached. It's minimal. > Thanks for bearing with me. Marked for acceptance into proposed-updates. > I would still appreciate an answer on #784373. Even if it's just the > stable team does not currently have the resources to evaluate this > request and therefore declines to make an exception to the usual stable > update rules. This would not be the answer I had hoped for, but at least > I then know that I don't have to invest more time into the 0.80.X series > of ceph. > Sorry I haven't managed to get back to this. Will let you know ASAP... Cheers, Julien
