Re: [Secure-testing-team] py-asterisk REMOVED from testing

To: debian-release <debian-release@lists.debian.org>
Cc: pkg-voip-maintainers <pkg-voip-maintainers@lists.alioth.debian.org>, secure-testing-team@lists.alioth.debian.org
Subject: Re: [Secure-testing-team] py-asterisk REMOVED from testing
From: Luk Claes <luk@debian.org>
Date: Mon, 15 Oct 2007 11:26:53 +0200
Message-id: <[🔎] 4713325D.7090309@debian.org>
In-reply-to: <[🔎] 47132D85.6090508@debian.org>
References: <E1IhC77-0006u0-Fx@merkel.debian.org> <[🔎] 87myuk22pg.fsf@sonic.technologeek.org> <[🔎] 47132A34.3020202@debian.org> <[🔎] 47132D85.6090508@debian.org>

Faidon Liambotis wrote:

Luk Claes wrote:
Because asterisk maintainers apparantly aren't interesting in makingsure stable and secure packages reach testing as this is already takingmonths and even before the release these packages were more than once ina very bad shape, I thought they wouldn't mind... I guess I was wrong,though I can still be convinced to remove all their packages fromtesting if I was right after all...
<snip>
Please, pretty please can someone preferably more than one take care ofthe VOIP packages appropriately so removals of testing and release teamwasting time on them is not necessary anymore, TIA!
I have tried fixing all of the security bugs of asterisk.
We've already had security uploads on both sarge and etch recently
(DSA-1358-1)

Unfortunately, asterisk in lenny was FTBFSing because of missing or
changed dependencies so I couldn't make an upload to testing-security,
even though the version is exactly the same as of etch.

It was FTBFSing because of a removed build dependency which apparantlywas fixed in unstable but not in testing...

Since then, I'm trying to get asterisk to migrate with no success.
We've had many problems unrelated to asterisk itself that had to fix or
workaround, such as a binutils bug (#440015) a gcc-4.2 bug (#445336)
and, of course, the lbl128 transition.

Which is of course a bit late, but thanks for trying to sort out themess anyway!

Asterisk is quite hard to get to testing because of the vast amount of
build-deps. Right now, it's blocked by net-snmp, perl, krb5 and gtk-2.0.

That means you should try to get a stable version into testing and keepthat maintained for library transitions while you prepare and stabilisea next candidate for stable (new upstream and/or less important changes)in experimental and coordinate with maintainers of these build-deps onwhen it's a good time to upload it to unstable... IMHO

If you think there are some other pending issues, please say so and I
will handle them personally.

The issue now is that people cannot install asterisk in testing andpeople who already have it installed have a vulnerable version... thoughI'm confident you'll try to fix that ;-)


Cheers

Luk

Reply to:

Follow-Ups:
- Re: py-asterisk REMOVED from testing
  - From: Faidon Liambotis <paravoid@debian.org>

References:
- Re: py-asterisk REMOVED from testing
  - From: Julien BLACHE <jblache@debian.org>
- Re: py-asterisk REMOVED from testing
  - From: Luk Claes <luk@debian.org>
- Re: py-asterisk REMOVED from testing
  - From: Faidon Liambotis <paravoid@debian.org>

Prev by Date: Re: py-asterisk REMOVED from testing
Next by Date: Re: binNMU request for gtkmathview on amd64 [Was: Re: Bug#441198: Crash on amd64]
Previous by thread: Re: py-asterisk REMOVED from testing
Next by thread: Re: py-asterisk REMOVED from testing
Index(es):
- Date
- Thread