[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#959014: RFS: filezilla/3.39.0-2+deb10u1 [NMU, RC] -- Full-featured graphical FTP/FTPS/SFTP client

On Tue, Apr 28, 2020 at 03:54:42AM +0100, Phil Wyett wrote:
>  * Package name    : filezilla
>    Version         : 3.39.0-2+deb10u1

> https://mentors.debian.net/debian/pool/main/f/filezilla/filezilla_3.39.0-2+deb10u1.dsc
> 
> Changes since the last upload:
> 
>    * Non-maintainer upload
>    * Added: 02_untrusted_search_path.patch - CVE-2019-5429. (Closes: #928282)

> Note: Package requires sponsor for stable updates upload.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947102

Hi!
You got approval for a stable update, yet the upload is targetted at
buster-security.  That path is outside the purview of Release Team nor
any kind of sponsored uploads.

There are two ways to update stable:
* buster-security: done by the Security Team, usually prepared in secret,
  typically discussed with the maintainer but uploaded by members of the
  Security Team.  This is for urgent security issues.

* buster (internally buster-proposed-updates, but the changelog entry says
  "buster"): done by a regular maintainer/NMUer, possibly sponsored, after
  an approval of the [Stable] Release Team.

Thus, unless you go through -security instead, could you please change the
changelog entry to target "buster" nor "buster-security"?


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ in the beginning was the boot and root floppies and they were good.
⢿⡄⠘⠷⠚⠋⠀                                       -- <willmore> on #linux-sunxi
⠈⠳⣄⠀⠀⠀⠀
Reply to: