Re: libosip2 and libosip2-3
Thanks Steve,
In conclusion, we should ship libosip2 2.0.6 with sarge.
And I will fix for 2.0.6. It includes a potential security risk.
It is same as #305729.
> Well, this tells me that we should not ship libosip2 2.0.6 with sarge,
> whether or not we decide to allow 2.2.0 in.
> - libosip2-3 was accepted into unstable on March 19
> - even though siproxd, its *one* reverse-dependency in testing, was
> uploaded on March 23, it remained RC-buggy until April 24, when I
> sponsored an upload on behalf of the maintainer (after pestering him on
> IRC)
> - by which point, a new upstream version of libosip2 had been uploaded,
> blocking the progression of the fixed siproxd into testing;
> - and three days later, libosip2 was uploaded again, with the only change
> being to change the maintainer field, ensuring that neither package
> would get in before we froze!
Sorry. I caused these problems.
> - and all the while, there is apparently no releasable version of siproxd
> in testing, according to bug #304691 which reports that both the
> unstable and testing versions segfault, which apparently no one bothered
> to report even though the package that was in testing at the time was
> seven months old!
Sorry. I don't understand status of siproxd.
> So I am not very sympathetic to requests that either of these packages be
> given freeze exceptions, and I'm also not confident that either package is
> being maintained very well right now.
I understand.
--
ARAKI Yasuhiro
A Debian Official Developer <ar@debian.org>
Reply to: