Package: tracker.debian.org
Severity: normal
The last point release for buster updated various packages. The packages
updated as part of the release are showing up under "news", but the respective
versions are not updated in the "versions" table on the left.
And likewise for "versioned links". Tw
Package: tracker.debian.org
Severity: normal
The PTS shows no-dsa security issues as "Ignored security issue",
but that's wrong: They are not ignored per se, it only means they
don't warrant an immediate DSA. They can stable through a point
release or they're lined up, they can be piggybacked on a
Package: qa.debian.org
Severity: normal
Hi,
please list squeeze-lts in the "versions" table of the PTS.
Since there won't be further updates to squeeze-security
after the final Squeeze point release, this can simply
replace the old "old-sec" entry.
Cheers,
Moritz
--
To UNSUBSCRIBE, ema
On Wed, Apr 14, 2010 at 07:02:05PM +0900, Hideki Yamane wrote:
> Hi,
>
> Should security tracker and PTS track terminated oldstable security issue
> as open?
>
> For example, http://security-tracker.debian.org/tracker/CVE-2007-5935
> only affects to etch, however it and PTS says that is "open
On Thu, Mar 19, 2009 at 10:55:31PM +0100, Frank Lichtenheld wrote:
> On Thu, Mar 19, 2009 at 09:00:26PM +0100, Josselin Mouette wrote:
> > Please remove gtk+1.2 from unstable. The last upstream release was 8
> > years ago, and there isn't any kind of maintenance happening on it,
> > either upst
Package: qa.debian.org
Severity: wishlist
It would be really useful if the PTS would contain a link to the website
needed to edit/review a package's debtags, i.e.
http://debtags.alioth.debian.org/edit.html?pkg=PACKAGENAME
Cheers,
Moritz
-- System Information:
Debian Release: 5.0
APT pr
gregor herrmann <[EMAIL PROTECTED]> wrote:
>
> On Sat, 26 Jul 2008 23:49:26 +0200, Frank Lichtenheld wrote:
>
>> > I would be glad if someone uploaded this
Frank Lichtenheld wrote:
> On Wed, Jul 23, 2008 at 10:28:33PM +0200, Moritz Muehlenhoff wrote:
> > perlftlib can be removed, I've sponsored the last package build-depending
> > on it recently and it's coupled to freetype 1, which won't be included
> > in Lenny.
Outdated documentation (Easily accessible online, outdated docs cause more harm
than benefit):
autobook - non-free, orphaned since 2005, newer release available, ITA w/o
activity since January
ggi-doc - docs are from 2004, while ggi versions in Debian are recent
bazaar-doc
Frank Lichtenheld wrote:
>
> This time I've gone through the list of long orphaned packages.
>
> falconseye orphaned > 3 years, no ITA ever, game, nethack-port,
> popcon 315/35/252/22/6
This is dead upstream. Instead of adopting it, energy should rather be
spent on packaging on o
perlftlib can be removed, I've sponsored the last package build-depending
on it recently and it's coupled to freetype 1, which won't be included
in Lenny.
Barry deFreese <[EMAIL PROTECTED]> wrote:
> Hi folks,
>
> Just an update on the libttf2 issues. These are the last packages left
> depending on libttf2:
>
> xgdvi, tex-guy, spawx11, spawg - Source package tex-guy. Haven't looked
> too deep into these yet.
>
> vgrabbj - Builds without libttf but d
On 2008-04-11, Barry deFreese <[EMAIL PROTECTED]> wrote:
> Moritz Muehlenhoff wrote:
>>
>> I've filed a removal bug against koala, but will leave amaterus up to
>> the QA group to decide.
>>
>> Cheers,
>> Moritz
>>
> After some
On Fri, Apr 11, 2008 at 09:55:36AM +0200, Andreas Barth wrote:
> * Moritz Muehlenhoff ([EMAIL PROTECTED]) [080410 23:31]:
> > There are only three packages left, which build depend on libxml-dev
> > (r-cran-xml and cadaver have only alternate libxml2-dev | libxml-dev
> > dep
Lucas Nussbaum wrote:
> On 27/03/08 at 10:12 +, Debian Bug Tracking System wrote:
> > Processing commands for [EMAIL PROTECTED]:
> >
> > > severity 453487 serious
> > Bug#453487: Should this package be orphaned?
> > Severity set to `serious' from `important'
>
> Hi,
>
> We really need to cla
On 2008-02-04, Barry deFreese <[EMAIL PROTECTED]> wrote:
> Hi folks,
>
> I've uploaded a version of imlib that fixes an important and RC bug. If
> someone has time to review/sponsor.
>
> I'm aware of the two lintian warnings about the soname not matching the
> package name but I didn't want to i
Raphael Hertzog wrote:
> On Wed, 16 Jan 2008, Moritz Muehlenhoff wrote:
> > It would be good if the PTS would link to the Debian Security Tracker.
> >
> > The URL format is
> > http://security-tracker.debian.net/tracker/source-package/SRCPKGNAME
>
> Can you p
Package: qa.debian.org
Severity: wishlist
It would be good if the PTS would link to the Debian Security Tracker.
The URL format is
http://security-tracker.debian.net/tracker/source-package/SRCPKGNAME
Cheers,
Moritz
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
Lucas Nussbaum <[EMAIL PROTECTED]> wrote:
> While working on packages with a lot of bugs, I noticed the state of
> coreutils: there hasn't been any maintainer upload to unstable since
> 08/2006,
The last upload of 6.10 to experimental is from December 2007, though.
Cheers,
Moritz
Paul Wise <[EMAIL PROTECTED]> wrote:
> On Jan 15, 2008 6:29 AM, Jack T Mudge III <[EMAIL PROTECTED]> wrote:
>
>> Sometimes I wish there were a security warning system in dpkg. Say, a user
>> loads up Synaptic (or Adept, depending), and when they try to install a
>> dangerous package -- maybe a ser
Kumar Appaiah wrote:
> Hope this helps. Also, in case you do file oldlib transition bugs,
> please try to adhere to the usertags I have used, or tell me the bug
> numbers, and I can usertag them.
Half a year ago I filed bugs against packages still using freetype1.
Several have been fixed by now, b
On 2007-11-02, Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:
> It was reported to the Security Team, that groovy embeds a lot of packages,
> several of them security-sensitive:
>
> /usr/share/groovy/lib/axion-1.0-M3-dev.jar
> /usr/share/groovy/lib/commons-collections-3.0-
It was reported to the Security Team, that groovy embeds a lot of packages,
several of them security-sensitive:
/usr/share/groovy/lib/axion-1.0-M3-dev.jar
/usr/share/groovy/lib/commons-collections-3.0-dev2.jar
/usr/share/groovy/lib/commons-httpclient-2.0.1.jar
/usr/share/groovy/lib/nekohtml-0.7.7.
Ana Guerrero wrote:
> Package: nagi
> Description: game interpreter for Sierra Online (tm) AGI games
> AGI, or the Adventure Game Interpreter, was developed and used by Sierra
> Online for their games, most notably the famous "Quest-series" in the late
> 1980's. Nagi is an open source interprete
On Wed, Aug 08, 2007 at 12:13:51PM +0200, Thijs Kinkhorst wrote:
> On Tuesday 7 August 2007 01:24, Moritz Muehlenhoff wrote:
> > I've seen that lxdoom has been orphaned. It can be safely removed:
> > While lxdoom is completely dead upstream, we have a cleaned-up
> > for
I've seen that lxdoom has been orphaned. It can be safely removed:
While lxdoom is completely dead upstream, we have a cleaned-up
fork of lxdoom in the archive, which is actively maintained: prboom.
Jérémy Bobbio wrote:
> Here's the ideas that I have heard (and written) during the "Supporting
> 15.000 packages" BoF which happened during DebConf7. I should probably
> have posted this earlier, but, well, better now than never...
Thanks for taking notes.
> The security team is already overloa
These two orphaned packages should be removed:
- sarien is obsolete, the code base has been merged in the ScummVM
engine and will appear in the upcoming 0.10 release.
- gs-afpl is obsolete, current Ghostscript development is done
on GPL basis, see http://www.ghostscript.com
Cheers,
M
Nathanael Nerode wrote:
> tidev-modules: 43 (9 votes)
This is now part of the linux-2.6 package.
> In "non-free":
> qla2x00: 11 (4 votes)
> -- this should be expected to have low popcon counts.
> But if nobody cares enough to fix the bugs (I don't),
> removal should be requested: it is non-
Nathanael Nerode wrote:
> sctplib: 8 (1 vote)
> socketapi: 5
This can probably be removed; there's now an SCTP implementation inside
the kernel and the version above might very well be outdated wrt to
the current standard. (it's from September 2005)
Cheers,
Moritz
Kapil Hari Paranjape wrote:
> Regarding conflicts like that between "slang-slirp" and "slirp".
> (see recent bugs filed by Michael Ablassmeier <[EMAIL PROTECTED]>
> http://bugs.debian.org/cgi-bin/[EMAIL PROTECTED]
> ).
>
> I feel that this is currently an area not addressed by policy
> sufficiently
Hi,
I noticed that gpdf has been orphaned as current Gnome has switched
to evince as the PDF viewer. The problem is that gpdf still embeds
a complete copy of the xpdf code base. xpdf has a poor security
history and I expect more issues to pop up during the 30 months of
Etch security support. Please
I'd like to suggest to remove libjpeg-mmx, it adds libjpeg code duplication
requiring duplicate DSAs for libjpeg security problems, only provides static
libs, is dead upstream, RC buggy and according to Google the performance
gains are marginal.
When looking over open security issues in Sarge I noticed websieve.
Any objections against filing a bug asking for its removal?
It's security-flawed (would need thorough review beside the already
reported issue), dead upstream (last release in 2004) and has very
few users.
Cheers,
Moritz
On 2006-04-03, Matej Vela <[EMAIL PROTECTED]> wrote:
> Martin Michlmayr <[EMAIL PROTECTED]> writes:
>
>> Can someone please check if those packages should be removed from the
>> archive:
> [...]
>> ieee80211
> [...]
>
> ipw2100 depends on it (along with ipw2200, but the latter is
> orphaned). Seba
ipw2200 and ieee80211 have been orphaned a few days ago. Since both are present
in current 2.6 kernels (2.6.14 onwards) I'd recommend to remove them right away.
Steve Langasek wrote:
>> > In fact, please do this asap, because of the stack smash bug. Also
>> > change urgency to at least medium, and provide a patch to the security
>> > team, since the package is in stable.
>
> Is it confirmed that this stack smash bug is a security vulnerability? Not
> all
Marc Singer wrote:
>> You need to replace xlibs-dev dependency by the appropriate dev-packages
>> that it has been split up into (in the case of buici-clock, those
>> probably are libx11-dev, libxext-dev, x-dev).
>
> Already done. This new problem is due to the change. I used the
> proscribed scr
Hi,
oops in sid hasn't received the sid fix for DSA-726 for three months now,
and another security report hasn't received a reply for three weeks.
There are 1.5 years old RC portability bugs as well, last maintainer upload
was 14 months ago. So oops should really be orphaned. Given the fact that
it
In debian-qa you wrote:
>> So I'm personally inclined not to let it linger for a while on the grounds
>> that it's got security issues, and just get it the hell out of the archive.
>> It's not like Debian's short of webmail packages.
>
> I stopped looking at this point. The code is rife with vulne
Hi,
I'd like to suggest the removal of "Double Choco Latte" (dcl):
- It has two RC bugs, one claiming that it's unusable and the
other one a security issue
- The version in sid is two years old and several versions behind
upstream
- It's orphaned for nearly a year and the only attempt to ado
Francesco P. Lovergine wrote:
>> I'm also afraid that close to the Sarge release, next version of
>> Bugzilla will be released, and the current version no more supported by
>> the upstream.
>
> Yep, I know. That could be a candidate for volatile section eventually.
Why? Typical candidates for volat
Moritz Muehlenhoff wrote:
> Thomas Bushnell BSG wrote:
>> So this is similar to my last item, but different. There are 1707
>> wishlist items in WNPP now. Maybe 10% of those are ITP.
>>
>> My suggestion is to leave alone any RFP from the past year. But older
>
Thomas Bushnell BSG wrote:
> I don't object to doing a cleanup now, but my QA bug here is not about
> doing one now, but about creating an infrastructure and record-keeping
> system that would provide advice and information.
This system could only trigger manual checks, it's close to impossible
to
Thomas Bushnell BSG wrote:
> So this is similar to my last item, but different. There are 1707
> wishlist items in WNPP now. Maybe 10% of those are ITP.
>
> My suggestion is to leave alone any RFP from the past year. But older
> ones should be dealt with, I think:
>
> Many are wontfix, usually b
Martin Michlmayr wrote:
> Well, they're orphaned so people had enough time. Hmm, it seems
> searchscripts depends on rxsock, so if we install rxsock now this
> package will be uninstallable. Can we remove searchscripts as well?
Judging from the package description the functionality seems to
be pr
Camm Maguire wrote:
> I'm a wee bit
> disappointed at this decision, though, as the main reason for keeping
> the older kernels around is to work with old machines with very
> limited resources, i.e. quasi-embedded. Can one get 2.4 and 2.6 into
> tiny enough form to run a 486 with a floppy only?
Martin Michlmayr wrote:
> > yadex is one of the 19 packages in sarge that haven't followed
> > the c102 transition yet. The package is not orphaned, but its
> > maintainer has stated in #120284 that NMUs are okay and in fact
>
> The package is indeed orphaned (#201391). Frederic Wagner said in
>
Hi QA folks,
yadex is one of the 19 packages in sarge that haven't followed
the c102 transition yet. The package is not orphaned, but its
maintainer has stated in #120284 that NMUs are okay and in fact
all uploads after the initial release have been NMUs. I prepared
an update that rebuilds with cu
Camm Maguire wrote:
> In
> short, I have no objection to the removal of the packages unless their
> presence would facilitate an update of the package contents to the
> latest kernel, which I would like to effect, at least in the p3 and
> raid cases.
The security team has requested to trim down th
Hi,
prboom is orphaned since 342 and I thought it'd be a shame if it were
dropped for sarge. I built an updated package with the current upstream
stable version 2.3.0. This fixes 3 of the 5 outstanding bugs. The
remaining ones are a pretty obscure bugreport, which is either a
userside configuration
51 matches