Re: squeeze update of unzip?

To: Santiago Vila <sanvila@unex.es>
Cc: debian-lts@lists.debian.org
Subject: Re: squeeze update of unzip?
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 14 Oct 2015 00:28:43 +0100
Message-id: <[🔎] 1444778923.31451.18.camel@decadent.org.uk>
In-reply-to: <[🔎] 20151013231013.GA11799@cantor.unex.es>
References: <[🔎] 1444777042.31451.14.camel@decadent.org.uk> <[🔎] 20151013231013.GA11799@cantor.unex.es>

On Wed, 2015-10-14 at 01:10 +0200, Santiago Vila wrote:
> On Tue, Oct 13, 2015 at 11:57:22PM +0100, ben@decadent.org.uk wrote:
> > Hello dear maintainer(s),
> > 
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of unzip:
> > https://security-tracker.debian.org/tracker/CVE-2015-7696
> > https://security-tracker.debian.org/tracker/CVE-2015-7697
> > 
> > Would you like to take care of this yourself? We are still understaffed so
> > any help is always highly appreciated.
> > 
> > If yes, please follow the workflow we have defined here:
> > http://wiki.debian.org/LTS/Development
> > 
> > If that workflow is a burden to you, feel free to just prepare an
> > updated source package and send it to debian-lts@lists.debian.org
> > (via a debdiff, or with an URL pointing to the the source package,
> > or even with a pointer to your packaging repository), and the members
> > of the LTS team will take care of the rest. Indicate clearly whether you
> > have tested the updated package or not.
> > 
> > If you don't want to take care of this update, it's not a problem, we
> > will do our best with your package. Just let us know whether you would
> > like to review and/or test the updated package before it gets released.
> 
> Hello Ben.
> 
> This is a little bit confusing: Are you fixing things in "squeeze-lts"
> even before they are fixed in wheezy, jessie or even sid?
> 
> 
> I will gladly take care of fixing this in unstable if somebody provides a fix.
> 
> Then I would gladly help the security team to fix it in jessie.
> 
> Then we could consider to fix it in wheezy.
> 
> But fixing it in squeeze-lts before all that seems quite unusual to me.

It is quite rare that we would fix an issue in squeeze-lts first.
However, I have sometimes worked on issues as part of the LTS team and
created patches for squeeze-lts and the newer suites.

Ben.

-- 
Ben Hutchingst
[W]e found...that it wasn't as easy to get programs right as we had thought.
... I realized that a large part of my life from then on was going to be spent
in finding mistakes in my own programs. - Maurice Wilkes, 1949

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- squeeze update of unzip?
  - From: ben@decadent.org.uk
- Re: squeeze update of unzip?
  - From: Santiago Vila <sanvila@unex.es>

Prev by Date: Re: squeeze update of unzip?
Next by Date: Re: squeeze update of lxc?
Previous by thread: Re: squeeze update of unzip?
Next by thread: Re: Accepted postgresql-8.4 8.4.22lts5-0+deb6u1 (source all amd64) into squeeze-lts
Index(es):
- Date
- Thread