Hello, On 26.07.2016 18:51, Diego Biurrun wrote: > Sorry, I'm afraid I maintained too much radio silence.. Yes, that happens. You don't need to wait until you have fixed all open libav issues because LTS users will also benefit from a intermediate release of your fixes. I believe we should work towards a release in the near future now. > On 2016-07-23 19:08, Markus Koschany wrote: >> I am contacting you on behalf of the Debian LTS team. Two months ago you >> voiced your interest in helping us to fix open security issues in libav. >> >> https://security-tracker.debian.org/tracker/source-package/libav >> >> Can you tell us more about the latest developments? If you have any >> questions regarding Debian LTS work, please send them to the debian-lts >> list and I will try to answer them in a timely manner. > > I got sidetracked by other work and by trying to get access to the > Google ClusterFuzz samples[1]. I have access to a bunch of them now, > but not the whole lot and it turns out that I don't necessarily need > them in each and every case to port fixes. So yeah, that was a bit of a > wild goose chase :-/ > > In any case I have the first set of three patches[2] queued up for > pushing to the 0.8 branch. I've sent them to the libav-devel mailing > list to give other devs a chance to react. I expect nobody to care about > stale branches, however. Thus the ETA for the patches to hit the 0.8 > branch is tomorrow evening CET or the next morning at the latest. > > I hope and expect to churn out a steady trickle of 1-3 backports per > week going forward while not on vacation now that I have all the pieces > for working with those old branches back in place. I think it would be best if you pushed your current work to a public git repository, so that we can help you to test the update and work on a release. Regards, Markus
Attachment:
signature.asc
Description: OpenPGP digital signature