[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Thunderbird 52.9.0 for LTS?

Hello Emilio and Security-Team,

while preparing the stretch-security package for Thunderbird upstream
has announced just right now via the private driver mailing list to stop
the current automatic updates for 52.9.0 due a critical issue [1] that
can bring in some data loss while working with attachments. So I decided
to open a bug [2] with severity grave against the version of thunderbird
in unstable to prevent the migration to testing for now.

But this means also we shouldn't deliver version 52.9.0 in any -security
release for now. So I will not upload my prepared packages for
stretch-security as I think Mozilla will provide a fix for the new issue
within the next days. Or there are other objections?

Am 07.07.18 um 10:54 schrieb Emilio Pozuelo Monfort:
> Hi Carsten!
> On 07/07/18 10:17, Carsten Schoenert wrote:
>> Hello Emilio,
>> in the past I've also built the Thunderbird packages for
>> jessie(-security) suite which is now covered by LTS.
>> I can easily rebuild and upload the packages for jessie and Thunderbird
>> now too but I'm not familiar with the needed steps and things inside the
>> LTS team workflow. Guido gave me some hints but I guess it better to ask
>> and clarify.
>> I'm preparing right now the packages for stretch-security and will
>> upload them over the weekend to security. So do you have an opinion on
>> how to continue with Thunderbird for jessie-security? I'm fine if you
>> want to do the packages for LTS on your own, the git tree for
>> thunderbird is up to date for debian/sid.
> Since I had done the previous updates for wheezy, I did this one for jessie
> since it's now LTS. The update is ready, I'm just waiting for the stretch update
> so that we don't end with a higher version in jessie if that gets delayed. I
> will push the changes to the jessie branch when I upload it.

I'm fine with this.

> For future updates, if you want to prepare them that would be fine. If you also
> want to test and release them that's cool too. The final step is to announce
> them (for which you need to grab a DLA number). I can explain you the steps to
> do that, or again I or someone from the team could do it, as you prefer.

If we can a have look at this at DebConf e.g. I gladly will follow any
existing procedures if I know what and how to do. Maybe it is completely
different with 60.x releases related to the needs for rustc and cargo
and some time constrains on my side then, but this we will see once we
are there.

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1473893
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903160

Carsten Schoenert

Reply to: