Re: Drop support for libqb?
On Fri, Nov 15, 2019 at 08:42:59PM +0000, Holger Levsen wrote:
> On Thu, Nov 14, 2019 at 01:51:46PM -0500, Roberto C. Sánchez wrote:
> > > I had not yet seen this message so I already submitted a MR. Should I
> > > close that and make a direct commit?
> I believe you did this now, but in any case: yes, please.
Yes, that is done.
> > - Any feedback on this proposed DLA text?
> a.) very cool!
> > Package : debian-security-support
> > Version : 2019.11.15~deb8u1
> > debian-security-support, the Debian security support coverage checker,
> > has been updated in jessie.
> > This marks the end of life of the libqb package in jessie. A recently
> > reported vulnerability against libqb which allows users to overwrite
> > arbitrary files via a symlink attack cannot be adequately addressed in
> > libqb in jessie. Upstream no longer supports this version and no
> > packages in jessie depend upon libqb, thus making it a leaf package.
> b.) I would drop the 'thus making it a leaf package.' half-sentence and
> it conveys no relevant information.
I have updated my draft. When I upload to jessie a bit later on tonight
I will release the DLA with the updated wording.
> & thanks again for taking care of the d-s-s upload!
Roberto C. Sánchez