Yasuhiro, On Thu, May 12, 2005 at 12:25:41AM +0900, ARAKI Yasuhiro wrote: > In conclusion, we should ship libosip2 2.0.6 with sarge. > And I will fix for 2.0.6. It includes a potential security risk. > It is same as #305729. Well, the conclusion of my previous message was that, even though I don't like the situation, libosip2 2.2.0 and siproxd have both been accepted into sarge. The new versions have already reached testing. > > Well, this tells me that we should not ship libosip2 2.0.6 with sarge, > > whether or not we decide to allow 2.2.0 in. > > > > - libosip2-3 was accepted into unstable on March 19 > > - even though siproxd, its *one* reverse-dependency in testing, was > > uploaded on March 23, it remained RC-buggy until April 24, when I > > sponsored an upload on behalf of the maintainer (after pestering him on > > IRC) > > - by which point, a new upstream version of libosip2 had been uploaded, > > blocking the progression of the fixed siproxd into testing; > > - and three days later, libosip2 was uploaded again, with the only change > > being to change the maintainer field, ensuring that neither package > > would get in before we froze! > Sorry. I caused these problems. You didn't cause the RC bug in siproxd; that was the responsibility of the siproxd maintainer. But it does show that it's important for maintainers of related packages to communicate. Thanks, -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature