Re: Wheezy update of sogo?
On 2016-05-18 15:43:32, Markus Koschany wrote:
> Am 18.05.2016 um 21:01 schrieb Jeroen Dekkers:
>> Hi Markus,
>>
>> Sorry for the late reply. This bug also isn't fixed in jessie, the
>> reason for this is that upstream isn't going to fix this for SOGo 2
>> and earlier. The security bug is about the complete lack of CSRF
>> protection and implementing that is going to be a lot of work. SOGo 3
>> has a complete new frontend and that has CSRF protection now, so I
>> think it is best to just mark SOGo as unsupported in wheezy-lts. I
>> haven't had the time yet to finish packaging SOGo 3, but I'll be at
>> debcamp next month and should have enough time then to do that and
>> create a backport for jessie.
>>
>
> Hi Jeroen,
>
> thank you for your reply. I see. We only ship the 1.x series in Wheezy,
> so this would require even more backporting work and I don't think this
> is justified in sogo's case. I believe we should mark sogo as
> unsupported in Wheezy but I will wait for further feedback from the team
> until I am going to do that.
The package is not in the list of sponsored packages, so i think it's
fine to mark it as unsupported.
A.
--
Every time I see an adult on a bicycle I no longer despair for the
future of the human race.
- H. G. Wells
Reply to: