Re: Urgent: Security fix for openswan 2.2.0
* Rene Mayrhofer (rmayr@debian.org) [050127 16:35]:
> I am currently preparing an upload of openswan (2.2.0-6), which contains a fix
> to a remotely exploitable security issue. As Joey has pointed me to,
> http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities&flashstatus=false
> has some more details. The package is ready, I am not just waiting for an
> acknowledge from this list to upload to testing-proposed-updates with an
> urgency of HIGH (it will also fix a FTBFS issue that was triggered by the
> opensc transition to testing).
>
> Please drop me a line when I can upload.
We discussed a bit in the release team.
Our first question is: Why don't you just fix the bug in unstable, and
we push the package through to testing? If the unstable package is not
suitable for sarge, than yes, please upload a package (with a
minimal-as-possible diff) to testing-proposed-updates ASAP.
However, just speaking in general, it would make our tasks easier if
packages are uploaded to unstable only when they're generally ready for
sarge, and otherwise, uploaded to experimental.
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Reply to: