Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Utkarsh Gupta
On Wed, Jul 1, 2020 at 11:02 PM Emilio Pozuelo Monfort wrote: > jessie ELTS is already open (because jessie LTS should not). Having both > receiving updates is actually more confusing, if you ask me. I concur. It'd be fairly confusing to figure out what goes where, given that ELTS has opened its

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Markus Koschany
Am 01.07.20 um 19:31 schrieb Emilio Pozuelo Monfort: [...] > Perhaps it would have made sense to not EOL jessie until stretch had actually > become LTS. ^^ This. I don't understand why we don't wait for Stretch becoming LTS, having upload privileges for

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Emilio Pozuelo Monfort
On 01/07/2020 19:26, Markus Koschany wrote: > > Am 01.07.20 um 19:14 schrieb Ansgar: >> On Wed, 2020-07-01 at 18:38 +0200, Markus Koschany wrote: >>> Am 01.07.20 um 11:27 schrieb Ansgar: since LTS for Jessie has ended according to [1], can we disable uploads and prepare for archiving the

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Markus Koschany
Am 01.07.20 um 19:14 schrieb Ansgar: > On Wed, 2020-07-01 at 18:38 +0200, Markus Koschany wrote: >> Am 01.07.20 um 11:27 schrieb Ansgar: >>> since LTS for Jessie has ended according to [1], can we disable uploads >>> and prepare for archiving the release? > [...] >> Please wait another week with t

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Ansgar
On Wed, 2020-07-01 at 18:38 +0200, Markus Koschany wrote: > Am 01.07.20 um 11:27 schrieb Ansgar: > > since LTS for Jessie has ended according to [1], can we disable uploads > > and prepare for archiving the release? [...] > Please wait another week with the deactivation of jessie-security. This > e

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Markus Koschany
Hello, Am 01.07.20 um 11:27 schrieb Ansgar: > Hi, > > since LTS for Jessie has ended according to [1], can we disable uploads > and prepare for archiving the release? > > I want to: > > 1. Stop accepting anything. > 2. Have one Release with no Valid-Until for archive.d.o (to try to >make so

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Emilio Pozuelo Monfort
On 01/07/2020 12:40, Emilio Pozuelo Monfort wrote: > On 01/07/2020 11:27, Ansgar wrote: >> 5. Import to archive.d.o >> 6. Remove from security.d.o >> >> I can do (1), (2), (4) fairly quickly; the buildd team would need to >> look at (3). Not sure when (5) and (6) happen, but it's never wrong to >>

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Moritz Muehlenhoff
On Wed, Jul 01, 2020 at 11:27:38AM +0200, Ansgar wrote: > Hi, > > since LTS for Jessie has ended according to [1], can we disable uploads > and prepare for archiving the release? > > I want to: > > 1. Stop accepting anything. > 2. Have one Release with no Valid-Until for archive.d.o (to try to >

Re: Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Emilio Pozuelo Monfort
Hi Ansgar, On 01/07/2020 11:27, Ansgar wrote: > Hi, > > since LTS for Jessie has ended according to [1], can we disable uploads > and prepare for archiving the release? Yes, let's do this. > > I want to: > > 1. Stop accepting anything. > 2. Have one Release with no Valid-Until for archive.d.o

Steps for Debian Jessie LTS end-of-life

2020-07-01 Thread Ansgar
Hi, since LTS for Jessie has ended according to [1], can we disable uploads and prepare for archiving the release? I want to: 1. Stop accepting anything. 2. Have one Release with no Valid-Until for archive.d.o (to try to make some people happy...). 3. Have w-b/buildds no longer look at jessie

Re: spamassassin security update in Debian jessie LTS

2020-02-03 Thread Noah Meyerhans
On Sat, Feb 01, 2020 at 03:28:09PM +, Mike Gabriel wrote: > So, I'd like to play the ball back to Noah. Do you think, that applying the > security patches is sufficient for spamassassin in stretch/buster? Or have > there been so many other fixes(TM) that justify an upstream backport to > jessie

Re: spamassassin security update in Debian jessie LTS

2020-02-01 Thread Mike Gabriel
Hi Salvatore, hi Noah, On Sa 01 Feb 2020 14:01:36 CET, Salvatore Bonaccorso wrote: Hi Mike, On Fri, Jan 31, 2020 at 10:01:05PM +, Mike Gabriel wrote: Hi Ola, Noah, On Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote: > Hi > > Spamassassin (and a few other packages) are handled a littl

Re: spamassassin security update in Debian jessie LTS

2020-02-01 Thread Salvatore Bonaccorso
Hi Mike, On Fri, Jan 31, 2020 at 10:01:05PM +, Mike Gabriel wrote: > Hi Ola, Noah, > > On Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote: > > > Hi > > > > Spamassassin (and a few other packages) are handled a little differently > > compared to most packages in Debian. > > > > I'd advise

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Mike Gabriel
FYI, 3.4.4 was released two days ago... and as spamassassin has been upstream version bumped in Debian jessie LTS before, I am asking for your opinion, if you'd rather recommend cherry-picking the fixes (which I haven't been able to identify yet in upstream SVN) or simply upstream ve

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Mike Gabriel
Hi Ola, Noah, On Fr 31 Jan 2020 20:32:01 CET, Ola Lundqvist wrote: Hi Spamassassin (and a few other packages) are handled a little differently compared to most packages in Debian. I'd advise that we go for the latest release. The only reason I see why we would not, would be if we introduce s

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Ola Lundqvist
2020 at 19:14, Noah Meyerhans wrote: > On Fri, Jan 31, 2020 at 05:16:53PM +0100, Matus UHLAR - fantomas wrote: > > > and as spamassassin has been upstream version bumped in Debian jessie > > > LTS before, I am asking for your opinion, if you'd rather recommend > >

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Noah Meyerhans
On Fri, Jan 31, 2020 at 05:16:53PM +0100, Matus UHLAR - fantomas wrote: > > and as spamassassin has been upstream version bumped in Debian jessie > > LTS before, I am asking for your opinion, if you'd rather recommend > > cherry-picking the fixes (which I haven't

Re: spamassassin security update in Debian jessie LTS

2020-01-31 Thread Matus UHLAR - fantomas
upstream version bumped in Debian jessie LTS before, I am asking for your opinion, if you'd rather recommend cherry-picking the fixes (which I haven't been able to identify yet in upstream SVN) or simply upstream version bump spamassassin in jessie LTS once more. @LTS team: sharing you

spamassassin security update in Debian jessie LTS

2020-01-31 Thread Mike Gabriel
Hi Noah, dear LTS contributors, I am about to look into CVE-2020-1930 and CVE-2020-1931 reported against spamassassin. The issues have been fixed in 3.4.4~rc1 and as spamassassin has been upstream version bumped in Debian jessie LTS before, I am asking for your opinion, if you'd r

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-12 Thread Mike Gabriel
Hi Moritz, On Wednesday, 12 December 2018, Moritz Mühlenhoff wrote: > On Wed, Dec 12, 2018 at 03:46:10PM +, Mike Gabriel wrote: > > Hi Moritz, > > > > On Di 11 Dez 2018 22:15:33 CET, Moritz Mühlenhoff wrote: > > > > > On Tue, Dec 11, 2018 at 04:42:17PM +, Mike Gabriel wrote: > > > > Fro

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-12 Thread Moritz Mühlenhoff
On Wed, Dec 12, 2018 at 03:46:10PM +, Mike Gabriel wrote: > Hi Moritz, > > On Di 11 Dez 2018 22:15:33 CET, Moritz Mühlenhoff wrote: > > > On Tue, Dec 11, 2018 at 04:42:17PM +, Mike Gabriel wrote: > > > From my understanding the potential remote code executions that are > > > mentioned in

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-12 Thread Mike Gabriel
Hi Moritz, On Di 11 Dez 2018 22:15:33 CET, Moritz Mühlenhoff wrote: On Tue, Dec 11, 2018 at 04:42:17PM +, Mike Gabriel wrote: From my understanding the potential remote code executions that are mentioned in the CVE descriptions are triggered by a malign server and the code executions then

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-11 Thread Jan Ingvoldstad
On 2018-12-11 22:15, Moritz Mühlenhoff wrote: On Tue, Dec 11, 2018 at 04:42:17PM +, Mike Gabriel wrote: From my understanding the potential remote code executions that are mentioned in the CVE descriptions are triggered by a malign server and the code executions then happen on the client si

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-11 Thread Moritz Mühlenhoff
On Tue, Dec 11, 2018 at 04:42:17PM +, Mike Gabriel wrote: > From my understanding the potential remote code executions that are > mentioned in the CVE descriptions are triggered by a malign server and the > code executions then happen on the client side. Thanks for background. Security issues

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-11 Thread Antoine Beaupré
Gah. Forgot to fix the CC here as well, sorry for the noise. On 2018-12-11 10:05:53, Antoine Beaupré wrote: > On 2018-12-10 17:44:51, Mike Gabriel wrote: >> Hi, >> >> I'd like to discuss the possible pathways for getting FreeRDP fixed in >> Debian jes

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-11 Thread Mike Gabriel
Hi Moritz, On Mo 10 Dez 2018 22:30:34 CET, Moritz Mühlenhoff wrote: On Mon, Dec 10, 2018 at 05:44:51PM +, Mike Gabriel wrote: Hi, I'd like to discuss the possible pathways for getting FreeRDP fixed in Debian jessie LTS (and Debian stretch, too). debian-security@ldo is not the p

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-11 Thread Antoine Beaupré
On 2018-12-10 17:44:51, Mike Gabriel wrote: > Hi, > > I'd like to discuss the possible pathways for getting FreeRDP fixed in > Debian jessie LTS (and Debian stretch, too). > > Last week I talked to Bernhard Miklautz (one of the FreeRDP upstream > maintainers and the ac

Re: Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-10 Thread Moritz Mühlenhoff
On Mon, Dec 10, 2018 at 05:44:51PM +, Mike Gabriel wrote: > Hi, > > I'd like to discuss the possible pathways for getting FreeRDP fixed in > Debian jessie LTS (and Debian stretch, too). debian-security@ldo is not the proper contact address, I've fixed the recipien

Addressing FreeRDP security issues in Debian jessie (and stretch)

2018-12-10 Thread Mike Gabriel
Hi, I'd like to discuss the possible pathways for getting FreeRDP fixed in Debian jessie LTS (and Debian stretch, too). Last week I talked to Bernhard Miklautz (one of the FreeRDP upstream maintainers and the actual packager of FreeRDPv2 in Debian). 1. Looking at fixing FreeRDP v1

Re: Debian Jessie

2017-10-11 Thread Adam D. Barratt
On Wed, 2017-10-11 at 22:41 +0200, Tobias Köck wrote: > Hi Adam, > > I have found it in the documentation. Thanks for your advice. Predictably, I only received this after sending a reply to your previous mail. Hopefully it will be useful for anyone having similar queries in future. Regards, A

Re: Debian Jessie

2017-10-11 Thread Adam D. Barratt
On Wed, 2017-10-11 at 22:36 +0200, Tobias Köck wrote: > Hi Adam, > > They appear to be entirely missing > > security.debian.org, which is a) quite important and b) where the > > LTS > > suites are hosted. > > No of course they are there, too. Thanks for asking. > Is the security apt source sup

Re: Debian Jessie

2017-10-11 Thread Tobias Köck
Hi Adam, I have found it in the documentation. Thanks for your advice.

Re: Debian Jessie

2017-10-11 Thread Tobias Köck
Hi Adam, > They appear to be entirely missing > security.debian.org, which is a) quite important and b) where the LTS > suites are hosted. No of course they are there, too. Thanks for asking. Is the security apt source supported by LTS, too? Didn't see that in the documentation. > Regards, > > A

Re: Debian Jessie

2017-10-11 Thread Holger Levsen
On Wed, Oct 11, 2017 at 09:21:12PM +0100, Adam D. Barratt wrote: > > yes. > > Well, no, unless something is changing fundamentally between wheezy-lts > and jessie-lts in ways that haven't been communicated. right. > Tobias, are those really the only entries in your sources.list (and any > sour

Re: Debian Jessie

2017-10-11 Thread Adam D. Barratt
On Wed, 2017-10-11 at 20:10 +, Holger Levsen wrote: > On Wed, Oct 11, 2017 at 10:05:14PM +0200, Tobias Köck wrote: > > does that mean if I don't touch the sources.list with > > > > deb http://deb.debian.org/debian/ jessie main > > deb-src http://deb.debian.org/

Re: Debian Jessie

2017-10-11 Thread Holger Levsen
On Wed, Oct 11, 2017 at 10:05:14PM +0200, Tobias Köck wrote: > does that mean if I don't touch the sources.list with > > deb http://deb.debian.org/debian/ jessie main > deb-src http://deb.debian.org/debian/ jessie main > > deb http://deb.debian.org/debian/ jessie-upda

Re: Debian Jessie

2017-10-11 Thread Tobias Köck
Hi, does that mean if I don't touch the sources.list with deb http://deb.debian.org/debian/ jessie main deb-src http://deb.debian.org/debian/ jessie main deb http://deb.debian.org/debian/ jessie-updates main deb-src http://deb.debian.org/debian/ jessie-updates main it will automatically s

Re: Debian Jessie

2017-10-11 Thread Ben Hutchings
On Wed, 2017-10-11 at 17:02 +0200, Tobias Koeck wrote: > Hi, > > I still have some Debian Jessie server running. Now I am wondering if I > should change the sources.list to jessie-lts or do I have to wait until > next year to switch? You're probably remembering Squeeze L

Re: Debian Jessie

2017-10-11 Thread ghe
On 10/11/2017 09:02 AM, Tobias Koeck wrote: > I still have some Debian Jessie server running. Now I am wondering if I > should change the sources.list to jessie-lts or do I have to wait until > next year to switch? FWIW. I have a number of Debian releases on my servers: Wheezy, Je

Re: Debian Jessie

2017-10-11 Thread Roberto C . Sánchez
On Wed, Oct 11, 2017 at 05:02:24PM +0200, Tobias Koeck wrote: >Hi, > >I still have some Debian Jessie server running. Now I am wondering if I >should change the sources.list to jessie-lts or do I have to wait until >next year to switch? > Jessie is still

Debian Jessie

2017-10-11 Thread Tobias Koeck
Hi, I still have some Debian Jessie server running. Now I am wondering if I should change the sources.list to jessie-lts or do I have to wait until next year to switch? Greetings and thanks, Tobias