Bug#1006633: procmail is unmaintained upstream

2022-03-03 Thread Antoine Beaupré
On 2022-03-03 09:15:51, Stephen R. van den Berg wrote: > On Wed, Mar 2, 2022 at 3:30 PM Antoine Beaupré wrote: > >> Do you plan to pass a significant security audit over the procmail code >> base and fuzz the binary? > > A binary fuzz is being planned, but if anyone has a ready setup which I can >

Bug#1006633: procmail is unmaintained upstream

2022-03-03 Thread Stephen R. van den Berg
On Wed, Mar 2, 2022 at 3:30 PM Antoine Beaupré wrote: > Do you plan to pass a significant security audit over the procmail code > base and fuzz the binary? > A binary fuzz is being planned, but if anyone has a ready setup which I can run, it would be much appreciated. A security audit I did, tw

Bug#1006633: procmail is unmaintained upstream

2022-03-02 Thread Antoine Beaupré
Hi Stephen (and Santiago), Do you plan to pass a significant security audit over the procmail code base and fuzz the binary? I don't think fixing the handful of security issues that were publicly disclosed is enough, to be honest. I don't know how else to put this; I am truly grateful for the am

Bug#1006633: procmail is unmaintained upstream

2022-03-02 Thread Stephen R. van den Berg
On Wed, Mar 2, 2022 at 11:28 AM Santiago Vila wrote: > Note: It's almost always better not to include a debian/* directory at all. > Noted. Incidentally, all historical release tags are now back in the repository for as long as the repository goes back. -- Stephen.

Bug#1006633: procmail is unmaintained upstream

2022-03-02 Thread Santiago Vila
On 2/3/22 at 11:07, Stephen R. van den Berg wrote: I'd be willing to include a Debian directory with all the things you need to ease Debian packaging, just tell me what I should put in there. Note: It's almost always better not to include a debian/* directory at all. Thanks.

Bug#1006633: procmail is unmaintained upstream

2022-03-02 Thread Stephen R. van den Berg
As of May 2020, the dormant state of procmail upstream maintenance has been changed back to active. As Santiago Vila can attest to, I have taken up active maintenance of procmail again for the past two years (lockdowns appear to have their uses after all). All bug reports have been actively fixed s

Bug#1006633: procmail is unmaintained upstream

2022-03-01 Thread Antoine Beaupré
On 2022-03-01 15:37:42, Santiago Vila wrote: > severity 1006633 important > retitle 1006633 procmail is unmaintained upstream I think that title is a mischaracterisation. Procmail is not just unmaintained upstream, it's known to be insecure. > Hi. Hi, > I could understand that we want to get ri

Bug#1006633: procmail is unmaintained upstream

2022-03-01 Thread Santiago Vila
severity 1006633 important retitle 1006633 procmail is unmaintained upstream Hi. I could understand that we want to get rid of unmaintained software, but please do not inflate severities, at least while the discussion takes place and a consensus that the package should be removed has not been