[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Drop support for libqb?

On Thu, Nov 14, 2019 at 01:51:46PM -0500, Roberto C. Sánchez wrote:
> > I had not yet seen this message so I already submitted a MR.  Should I
> > close that and make a direct commit?

I believe you did this now, but in any case: yes, please.

> - Any feedback on this proposed DLA text?

a.) very cool!

> Package        : debian-security-support
> Version        : 2019.11.15~deb8u1
> debian-security-support, the Debian security support coverage checker,
> has been updated in jessie.
> This marks the end of life of the libqb package in jessie.  A recently
> reported vulnerability against libqb which allows users to overwrite
> arbitrary files via a symlink attack cannot be adequately addressed in
> libqb in jessie.  Upstream no longer supports this version and no
> packages in jessie depend upon libqb, thus making it a leaf package.

b.) I would drop the 'thus making it a leaf package.' half-sentence and
    it conveys no relevant information.

& thanks again for taking care of the d-s-s upload!


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature

Reply to: