Re: fix severe bug in my package

[Tobias Frost <tobi@debian.org>]

On Tue, 2021-02-02 at 09:08 -0500, Aaron Boxer wrote:
> Forgot to mention: this is the package in question:
> 
> https://tracker.debian.org/pkg/libgrokj2k
> 
> On Tue, Feb 2, 2021 at 9:03 AM Aaron Boxer <boxerab@gmail.com> wrote:
> > Dear Mentors,
> > Last night I discovered a severe bug in my encoder. The bug affects lossy
> > compression of monochrome images, a very large class of images. The bug
> > causes the output pixels to be set to 0, which is pretty serious.
> > 
> > I realize there is a freeze on new packages leading up to Bullseye release,
> > but
> > is there a way of getting a new version in somehow? I wouldn't want the
> > current
> > version to be released.
> > 
> > Thanks very much,
> > Aaron

You are allowed everything as described
on https://release.debian.org/bullseye/freeze_policy.html

(It's still 10 days to the soft freeze, so new versions are generally acceptable
unless you need to trigger a library transistion. If it is a good idea to have 
a new upstream version at that point of time is a different story and depends a
bit on the amount of changes done… You probably in the best situation to judge
that)

Adding/removing binary packages would be allowed, (beside library transistions),
but need to clear NEW until Feb 12, so this is risky (I'd recommend going to
experimental for NEW clearing because of that.)

You probably want create a targeted fix only against the version currently in
unstable. This might be also less risky than a new upstream version…

--
tobi