Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff
On Wed, Jun 08, 2011 at 07:56:00PM +0100, Adam D. Barratt wrote:
> On Tue, 2011-06-07 at 09:25 +0200, Guido Günther wrote:
> > On Sun, May 08, 2011 at 02:35:19PM +0200, Guido Günther wrote:
> > > On Sat, Apr 30, 2011 at 04:57:53PM +0100, Adam D. Barratt wrote:
> > > > On Sun, 2011-03-27 at 22:27 +0200, Guido Günther wrote:,
> > > > > I'd like to push iceowl 1.0~b1+dfsg2-2.squeeze1 to squeeze proposed
> > > > > updates. It contains the same updates as current icedove.
> > > >
> > > > Presumably this now requires a further update, in light of at least
> > > > MFSA2011-12?
> > >
> > > Indeed. I've added all the patches that got added to xulrunner and
> > > icedove recently (attached).
> > Ping. Can this be pushed to s-p-u?
> I hadn't realised the above was as long ago as it was; apologies for
> that. However, the main reason I'd left it flagged as waiting was the
> hope of a response to...
> > > > I do note that the discussion before the release about updating iceowl
> > > > in stable very much implied that security updates would be pushed via
> > > > the security archive, albeit not as the security team's top priority.
> > >
> > > The update in stable was necessary to move iceowl to the same codebase
> > > as icedove/xulrunner making it possible to reuse the patches. I'm
> > > putting the security team on cc: so we can figure out how to best get
> > > the updated iceowl versions into stable.
> ... this. There doesn't appear to have been any follow-up from the
> security team on the bug; has there been any discussion elsewhere?
Not that I know of. I think README.Debian still holds:
# There's no upstream security support for iceowl and iceowl-extension since
# lightning is still under development without an officially supported version by
# upstream. New lightning upstream versions add features and require new
# icedove/thunderbird versions to function.
# Therefore Debian doesn't offer official security support for this package.
Nevertheless we should fix what is easily fixable.