[Trimmed the cc list]
On Thu, 2018-04-12 at 18:39 +0100, Ben Hutchings wrote:
> On Thu, 2018-04-12 at 17:00 +0100, Ben Hutchings wrote:
[...]
> > I didn't know how it worked, only that it does work. Anyway, I've
> > looked now and I think you need to apply the following patch:
> >
> > --- gcc-4.
Hi,
I've done a small update of the qemu packages to fix a rather serious
vulnerability:
https://security-tracker.debian.org/tracker/CVE-2018-7550
The fix is pretty trivial but I figured I would share it here because I
do not have a very good way of testing this directly here.
As usual, the sig
Hi
Now I understand better. I thought postponed was used for updates in next
point release. Now I understand the difference. In this case I think it
would be good if it is more visible in the security tracker so people who
update the package next time will not ignore it.
Best regards
// Ola
On
On Thu, 2018-04-12 at 17:00 +0100, Ben Hutchings wrote:
> On Tue, 2018-04-03 at 05:52 -0400, Roberto C. Sánchez wrote:
> > On Mon, Apr 02, 2018 at 01:45:40AM +0100, Ben Hutchings wrote:
> > >
> > > I would suggest looking at how non-default compiler versions are built
> > > in other suites.
> > >
On Tue, 2018-04-03 at 05:52 -0400, Roberto C. Sánchez wrote:
> On Mon, Apr 02, 2018 at 01:45:40AM +0100, Ben Hutchings wrote:
> >
> > I would suggest looking at how non-default compiler versions are built
> > in other suites.
> >
> > Ben.
> >
>
> Hi Ben,
>
> Could you provide some more specifi
Hi
On Thu, Apr 12, 2018 at 03:44:36PM +0200, Ola Lundqvist wrote:
> I do not think we really have the possibility to postpone issues in LTS,
> right?
Sure, it is possible it's not different as for the security team. Say
src:a has issue CVE-2018-12345, this not warrant an immediate DLA, but
it's i
On Thu, Apr 12, 2018 at 03:44:36PM +0200, Ola Lundqvist wrote:
> I do not think we really have the possibility to postpone issues in LTS,
> right?
Why would you not?
Hi
Isn't the main question whether postponed for LTS is relevant? Either it
should be ignored or fixed.
The trigger should be that if main Security team has marked something as
posponed it should be listed in the wheezy todo list until it is marked as
ignored.
If we decide to ignore it then it s
Hi
Yes I forgot to push my changes. Thanks for handling it for me.
// Ola
On 12 April 2018 at 14:14, Ola Lundqvist wrote:
> Hi
>
> I thought I did. Maybe I forgot to push my changes.
>
> Thanks for resolving it.
>
> // Ola
>
> On 11 April 2018 at 22:18, Antoine Beaupré
> wrote:
>
>> On 2018-0
Hi
I thought I did. Maybe I forgot to push my changes.
Thanks for resolving it.
// Ola
On 11 April 2018 at 22:18, Antoine Beaupré wrote:
> On 2018-04-10 14:33:28, Ola Lundqvist wrote:
> > Hi Salvatore
> >
> > Great. Thanks. Then we do not need to do anything more to libgcrypt. I'll
> > remove
On 2018-04-12 10:17:25, Raphael Hertzog wrote:
> Hi,
>
> On Wed, 11 Apr 2018, Antoine Beaupré wrote:
>> 1. removing the package from dla-needed.txt
>> 2. adding the package as unsupported in debian-security-support
>> 3. (do we send end-of-life announcements to debian-lts-announce when we
>> do
Hi,
On Wed, 11 Apr 2018, Antoine Beaupré wrote:
> 1. removing the package from dla-needed.txt
> 2. adding the package as unsupported in debian-security-support
> 3. (do we send end-of-life announcements to debian-lts-announce when we
> do that?)
It's easy to mark packages as unsupported and t
Brian,
> Not sure I understand this comment from dla-needed.txt:
Sorry, I did not see your comment until now.
> The patch - good version at [..] doesn't touch the files noted
> above.
The patch adds a call to make_tempfile (or similar) which uses
utility functions from these aforementioned file
13 matches
Mail list logo
