[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Upload of dpkg to sid?


On Thu, 11 Mar 2010, Sven Joachim wrote:
> since the upcoming 1.15.6 release is supposed to be targeted at
> experimental, I think it would be a good idea to fix the recently
> spotted path traversal/symlink vulnerabilities of dpkg-source in sid as
> well.

Well, it should not stay in experimental for too long IMO. And the the
security issue is minor when dpkg-source is not employed in some automatic
setup (dak setup for example).

So I think we can avoid that sid upload.

On the other hand, I wonder what to do with further work and translations.
It's likely that 1.15.6 is the last major update to sid targetting
squeeze. So when do we switch to "freeze mode" where translations are
updated in the sid/squeeze branch and where master points to the next
version 1.16.x ?

Raphaël Hertzog

Like what I do? Sponsor me: http://ouaza.com/wp/2010/01/05/5-years-of-freexian/
My Debian goals: http://ouaza.com/wp/2010/01/09/debian-related-goals-for-2010/

Reply to: