Thunderbird 52.9.0 for LTS?

2018-07-07 Thread Carsten Schoenert
Hello Emilio,

in the past I've also built the Thunderbird packages for
jessie(-security) suite which is now covered by LTS.

I can easily rebuild and upload the packages for jessie and Thunderbird
now too but I'm not familiar with the needed steps and things inside the
LTS team workflow. Guido gave me some hints but I guess it's better to ask
and clarify.

I'm preparing right now the packages for stretch-security and will
upload them over the weekend to security. So do you have an opinion on
how to continue with Thunderbird for jessie-security? I'm fine if you
want to do the packages for LTS on your own, the git tree for
thunderbird is up to date for debian/sid.

-- 
Regards
Carsten Schoenert



Re: Thunderbird 52.9.0 for LTS?

2018-07-07 Thread Emilio Pozuelo Monfort
Hi Carsten!

On 07/07/18 10:17, Carsten Schoenert wrote:
> Hello Emilio,
> 
> in the past I've also built the Thunderbird packages for
> jessie(-security) suite which is now covered by LTS.
> 
> I can easily rebuild and upload the packages for jessie and Thunderbird
> now too but I'm not familiar with the needed steps and things inside the
> LTS team workflow. Guido gave me some hints but I guess it's better to ask
> and clarify.
> 
> I'm preparing right now the packages for stretch-security and will
> upload them over the weekend to security. So do you have an opinion on
> how to continue with Thunderbird for jessie-security? I'm fine if you
> want to do the packages for LTS on your own, the git tree for
> thunderbird is up to date for debian/sid.

Since I had done the previous updates for wheezy, I did this one for jessie
since it's now LTS. The update is ready, I'm just waiting for the stretch update
so that we don't end with a higher version in jessie if that gets delayed. I
will push the changes to the jessie branch when I upload it.

For future updates, if you want to prepare them that would be fine. If you also
want to test and release them that's cool too. The final step is to announce
them (for which you need to grab a DLA number). I can explain to you the steps to
do that, or again I or someone from the team could do it, as you prefer.

Cheers,
Emilio



Re: Thunderbird 52.9.0 for LTS?

2018-07-07 Thread Carsten Schoenert
Hello Emilio and Security-Team,

while preparing the stretch-security package for Thunderbird upstream
has announced just right now via the private driver mailing list to stop
the current automatic updates for 52.9.0 due to a critical issue [1] that
can bring in some data loss while working with attachments. So I decided
to open a bug [2] with severity grave against the version of thunderbird
in unstable to prevent the migration to testing for now.

But this means also we shouldn't deliver version 52.9.0 in any -security
release for now. So I will not upload my prepared packages for
stretch-security as I think Mozilla will provide a fix for the new issue
within the next days. Or there are other objections?

Am 07.07.18 um 10:54 schrieb Emilio Pozuelo Monfort:
> Hi Carsten!
> 
> On 07/07/18 10:17, Carsten Schoenert wrote:
>> Hello Emilio,
>>
>> in the past I've also built the Thunderbird packages for
>> jessie(-security) suite which is now covered by LTS.
>>
>> I can easily rebuild and upload the packages for jessie and Thunderbird
>> now too but I'm not familiar with the needed steps and things inside the
>> LTS team workflow. Guido gave me some hints but I guess it's better to ask
>> and clarify.
>>
>> I'm preparing right now the packages for stretch-security and will
>> upload them over the weekend to security. So do you have an opinion on
>> how to continue with Thunderbird for jessie-security? I'm fine if you
>> want to do the packages for LTS on your own, the git tree for
>> thunderbird is up to date for debian/sid.
> 
> Since I had done the previous updates for wheezy, I did this one for jessie
> since it's now LTS. The update is ready, I'm just waiting for the stretch update
> so that we don't end with a higher version in jessie if that gets delayed. I
> will push the changes to the jessie branch when I upload it.

I'm fine with this.

> For future updates, if you want to prepare them that would be fine. If you also
> want to test and release them that's cool too. The final step is to announce
> them (for which you need to grab a DLA number). I can explain to you the steps to
> do that, or again I or someone from the team could do it, as you prefer.

If we can have a look at this at DebConf e.g. I gladly will follow any
existing procedures if I know what and how to do. Maybe it is completely
different with 60.x releases related to the needs for rustc and cargo
and some time constraints on my side then, but this we will see once we
are there.


[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1473893
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903160

-- 
Regards
Carsten Schoenert



LTS report for June 2018 - Abhijith PA

2018-07-07 Thread Abhijith PA
June 2018 was my fifth month as a Debian LTS paid contributor. I was
assigned 10 hours but I was only able to do 8. Carrying the rest to next month.

I have spent these hours on:

 * ansible: Marked CVE-2016-8614 and CVE-2016-8628 as not-affecting. The
   first one is reported against a sub project of ansible which was only
   merged to core in v2.3. Working on two new CVEs that
   just piled up.

 * enigmail: Researched upstream commit histories for
   CVE-2017-17688, efail.

 * phpmyadmin: There were 13 security vulnerabilities reported on
   Jessie. Backported 11 of them, some of which were prepared
   before Jessie reached LTS but couldn't be uploaded. The rest are marked as
   not affecting. Thanks to Emilio Pozuelo for taking care of the broken
   CVE-2016-6616.patch and sponsoring the upload[1].


-- 
Abhijith PA

[1] - https://lists.debian.org/debian-lts-announce/2018/07/msg6.html