Re: Fixing minor/unimportant issues via DLA on demand
Hi,
On 20/03/2020 18:04, Utkarsh Gupta wrote:
> On Fri, Mar 20, 2020 at 5:33 PM Sylvain Beucler <beuc@beuc.net> wrote:
>> These are 2 cases (request from Jessie user or from maintainer) that I
>> yet to see :)
>> Do you have a specific case in mind?
> I do. But I am not very sure if I should mention the user thingy
> publicly or not.
We can discuss the specific vulnerability. Otherwise I would stick to
the minor/unimportant guidelines from my previous mail (i.e. from
https://security-team.debian.org/security_tracker.html).
If a user requires a minor/unimportant fix though, that may mean that
the bug was incorrectly categorized and could be re-evaluated with
additional input in data/CVE/list.
> Anyway, the other case (where the maintainer wants to fix) is phpmyadmin.
> Of course, he being the upstream and downstream maintainer, wanted to
> fix this in Jessie.
Hmm, I'm curious. What vulnerability would he like to fix that we
didn't? This may mean we should have.
> And I am happy to help in such cases, because why not?
> Just curious, if such a case happens, should I/we issue a DLA or not?
Any DD can directly update Jessie following:
https://wiki.debian.org/LTS/Development
with no additional privileges (that's what postgresql's maintainer does).
You can certainly send a DLA on behalf of the uploader, if they don't
want to do it.
Cheers!
Sylvain
Reply to: