
Re: Naming scheme of fis-gtm binary packages (Was: Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm)



Hi Karsten,

I do not mind keeping the numbering scheme if it makes sense and
reflects the truth.  It just needs to be done in a timely manner.  Long-
standing open CVEs are not acceptable.  The current decision should be
drawn quickly and acted on accordingly.  I hope I made the consequences of
keeping the current versioning scheme clear, and if the price is worth
paying then it should be paid.  Just doing nothing is wrong in the
current situation.

Kind regards
   Andreas.

On Fri, Jul 29, 2022 at 04:36:09PM +0200, Karsten Hilbert wrote:
> On Fri, Jul 29, 2022 at 09:56:05AM +0200, Andreas (Debian) wrote:
> 
> > I wonder if there is some decision about the naming scheme.  I *really*
> > want to get the CVE bugs fixed.  Users might consider Debian packages
> > useless otherwise.
> 
> As far as I remember the "Mumps community" considers each and
> every release "potentially incompatible".
> 
> This may or may not be true, and it may or may not be wise,
> regardless of truth.
> 
> I would think that there should be an external repository
> being run by, say, fis.gtm, which carries "each and every"
> minor release as an installable package. This is similar to
> what PostgreSQL offers. Additionally, in order to lower the
> barrier for entry, there should be official, in-Debian,
> "stable" packages, say v6, v7, ... which carry the currently
> latest patch release per major version. Creating those ought
> to be pretty easy, once the vendor repo is available.
> 
> Karsten
> --
> GPG  40BE 5B0E C98E 1713 AFA6  5BC0 3BEA AC80 7D4F C89B
> 
> 

-- 
http://fam-tille.de

