[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Secure-testing-team] py-asterisk REMOVED from testing

Faidon Liambotis wrote:
Luk Claes wrote:
Because asterisk maintainers apparantly aren't interesting in making sure stable and secure packages reach testing as this is already taking months and even before the release these packages were more than once in a very bad shape, I thought they wouldn't mind... I guess I was wrong, though I can still be convinced to remove all their packages from testing if I was right after all...
Please, pretty please can someone preferably more than one take care of the VOIP packages appropriately so removals of testing and release team wasting time on them is not necessary anymore, TIA!
I have tried fixing all of the security bugs of asterisk.
We've already had security uploads on both sarge and etch recently

Unfortunately, asterisk in lenny was FTBFSing because of missing or
changed dependencies so I couldn't make an upload to testing-security,
even though the version is exactly the same as of etch.

It was FTBFSing because of a removed build dependency which apparantly was fixed in unstable but not in testing...

Since then, I'm trying to get asterisk to migrate with no success.
We've had many problems unrelated to asterisk itself that had to fix or
workaround, such as a binutils bug (#440015) a gcc-4.2 bug (#445336)
and, of course, the lbl128 transition.

Which is of course a bit late, but thanks for trying to sort out the mess anyway!

Asterisk is quite hard to get to testing because of the vast amount of
build-deps. Right now, it's blocked by net-snmp, perl, krb5 and gtk-2.0.

That means you should try to get a stable version into testing and keep that maintained for library transitions while you prepare and stabilise a next candidate for stable (new upstream and/or less important changes) in experimental and coordinate with maintainers of these build-deps on when it's a good time to upload it to unstable... IMHO

If you think there are some other pending issues, please say so and I
will handle them personally.

The issue now is that people cannot install asterisk in testing and people who already have it installed have a vulnerable version... though I'm confident you'll try to fix that ;-)



Reply to: