Hi Michael, Thanks for your interest in lesstif. As I made the last couple of rounds of changes and are listed as one of the maintainers, I would have appreciated it when you had included me in your cc and maybe even have communicated about your intentions before contacting the mentors list. That said, no hard feelings. On 08/08/11 06:33, Michael Gilbert wrote: > These changes involve mostly just modernizing the package, but a really > important one is eliminating the libxpm embedded code copy, which is good > from a security standpoint. Have you investigated the changes made by upstream lesstif in the embedded code and verified that they are not necessary? As stated in bug 575750 [1], which you properly close, the security team knows about this copy and agreed that this one is not a big problem. Further, I don't believe sponsors find it appropriate when you set the DM-upload-allowed flag without discussing that first and without mentioning that in your request. I cannot upload your package as I am no DD and the DM-upload-allowed flag is not yet set on this package ;). Paul [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575750
Attachment:
signature.asc
Description: OpenPGP digital signature