Re: libspring-2.5-java and requesting membership for secure-testing

[Raphael Hertzog <hertzog@debian.org>]

Hi,

On Mon, 30 Mar 2015, Markus Koschany wrote:
> I have recently started to investigate whether I could fix some open LTS
> issues and discovered the entry for libspring-2.5-java. According to
> 
> https://security-tracker.debian.org/tracker/source-package/libspring-2.5-java
> 
> there is no open security issue left. Is this an oversight? Otherwise I
> might take a closer look and work on a fix.

No it's correct, the last CVE issue was mis-assigned to that package. That
said there are other java packages in need of some love.

For example commons-httpclient has been waiting for months:
https://security-tracker.debian.org/tracker/source-package/commons-httpclient

> In addition I would be happy
> if someone added me to the security-testing project on alioth, so that I
> can claim open issues in the SVN repository myself. My alioth name is
> apo-guest. I have been mainly active in the Debian Games and Java teams
> for the past 2,5 years but are interested in other areas of Debian as
> well and might be able to help fixing outstanding security issues from
> time to time.

I don't have the rights to add you but someone else will do it soonish I
guess.

Thanks for your help!

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/