On Wed, May 17, 2017 at 09:57:55AM +0200, Wolfgang Schweer wrote: > I just looked it up: Wheezy is affected by the CVE fix as well (exim4 > 4.80-7+deb7u4, wheezy-security) but noone reported problems… Then I dont think we should bother fixing it in wheezy… That said, if you (or someone else) bothers to fix it, I'll be happy to sponsor the upload. But I really think we should concentrate on stretch now, and keep jessie maintained. Considering it's mostly us two working on this, I think that's already enough work… > > that said, I still think we should fix jessie asap. > Yes. And IMO we should ship a NEWS file containing information about the > changes and how to cope with them. I believe we should do this each time > d-e-c is upgraded for STABLE and OLDSTABLE. hm, besides that there's no guarantee that a NEWS file will be seen or read, it also poses the additional difficultiy of having the NEWS file in (old)stable but not in sid/testing… -- cheers, Holger
Attachment:
signature.asc
Description: Digital signature