Re: proftpd-dfsg upgrade (was: Re: Why are backports of Squeeze packages in etch-backports?)
On Fri, Mar 06, 2009 at 01:18:16PM +0100, Gerfried Fuchs wrote:
> * Francesco P. Lovergine <frankie@debian.org> [2009-03-06 12:02:10 CET]:
> > While on that. Current proftpd-dfsg in bpo needs upgrading for a couple security
> > issues fixed in lenny. Now, the questions:
>
> Do you have some reference for that? I don't see proftpd listed in
> <http://security-tracker.debian.net/tracker/status/release/oldstable-backports>
> nor in
> <http://security-tracker.debian.net/tracker/status/release/stable-backports>?
>
http://security-tracker.debian.net/tracker/source-package/proftpd-dfsg
> > * who is in charge for that?
>
> The same person that originally injected and is expected to maintain
> the package within backports, i.e. you. :)
>
> > * is the 1.3.1-15~bpo40+1 -> 1.3.1-17lenny2~bpo40+1 (wow!) the right
> > upgrade to consider? Or a more strict sec-only upgrade should be considered?
>
> Yes, that is the proper upgrade to consider - you might have wanted to
> upload 1.3.1-17 before it got touched by the security team anyway,
> depending on the changes.
>
> So long, and thanks for taking care of it!
> Rhonda
Well, currently 1.3.17-1 needs fixing anyway, so I would upload
the current backported 1.3.17lenny2.
--
Francesco P. Lovergine
Reply to: