Re: ieee-data: are you interested in fixing a non-security related issue?

[Utkarsh Gupta <utkarsh@debian.org>]

Hi Samuel,

On Sun, Jun 6, 2021 at 4:40 AM Samuel Henrique <samueloph@debian.org> wrote:
> Is the LTS team interested in the fix? It's for a critical issue on
> one script provided by the package, reported at #908623 and #932711:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908623
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932711
>
> You can read more details about the fix and the general description of
> the issue at the stretch-pu request #989502:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989502

Okay, reading through the bugs, it does make sense to fix it, but..
Is this package in a completely useless state w/o this?
Alternatively, if this isn't fixed, will it have a high impact, et al?

> If you believe it makes sense to fix this for stretch (without a DLA),
> can you give me instructions on how to proceed or take over?

Each update to stretch goes through the -security pocket and needs a
DLA, irrespective of whether it's a security bug or not. In the past,
we've fixed some non-security bugs[1], but we only fix them if the
severity is high & the package is in a broken state altogether.

[1]: https://lists.debian.org/debian-lts-announce/2021/03/msg00016.html

So let me know if what you think about the questions above & we can
take it from there?
I'm also CC'ing Emilio, currently at FD, to TAL.


- u