Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 619850@bugs.debian.org, team@security.debian.org
Subject: Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff
From: Guido Günther <agx@sigxcpu.org>
Date: Sun, 12 Jun 2011 22:11:04 +0200
Message-id: <[🔎] 20110612201104.GB24656@bogon.sigxcpu.org>
Reply-to: Guido Günther <agx@sigxcpu.org>, 619850@bugs.debian.org
In-reply-to: <[🔎] 1307559361.14057.12.camel@hathi.jungle.funky-badger.org>
References: <20110327202701.GA779@bogon.sigxcpu.org> <1304179073.4138.5370.camel@hathi.jungle.funky-badger.org> <20110508123519.GA4025@bogon.sigxcpu.org> <[🔎] 20110607072501.GB9873@bogon.sigxcpu.org> <[🔎] 1307559361.14057.12.camel@hathi.jungle.funky-badger.org>

On Wed, Jun 08, 2011 at 07:56:00PM +0100, Adam D. Barratt wrote:
> On Tue, 2011-06-07 at 09:25 +0200, Guido Günther wrote:
> > On Sun, May 08, 2011 at 02:35:19PM +0200, Guido Günther wrote:
> > > On Sat, Apr 30, 2011 at 04:57:53PM +0100, Adam D. Barratt wrote:
> [...]
> > > > On Sun, 2011-03-27 at 22:27 +0200, Guido Günther wrote:,
> > > > > I'd like to push iceowl 1.0~b1+dfsg2-2.squeeze1 to squeeze proposed
> > > > > updates. It contains the same updates as current icedove. 
> > > > 
> > > > Presumably this now requires a further update, in light of at least
> > > > MFSA2011-12?
> > > 
> > > Indeed. I've added all the patches that got added to xulrunner and
> > > icedove recently (attached).
> > 
> > Ping. Can this be pushed to s-p-u?
> 
> I hadn't realised the above was as long ago as it was; apologies for
> that.  However, the main reason I'd left it flagged as waiting was the
> hope of a response to...
> 
> > > > I do note that the discussion before the release about updating iceowl
> > > > in stable very much implied that security updates would be pushed via
> > > > the security archive, albeit not as the security team's top priority.
> > > 
> > > The update in stable was necessary to move iceowl to the same codebase
> > > as icedove/xulrunner making it possible to reuse the patches. I'm
> > > putting the security team on cc: so we can figure out how to best get
> > > the updated iceowl versions into stable.
> 
> ... this.  There doesn't appear to have been any follow-up from the
> security team on the bug; has there been any discussion elsewhere?

Not that I know of. I think README.Debian still holds:

# There's no upstream security support for iceowl and iceowl-extension since
# lightning is still under development without an officially supported version by
# upstream. New lightning upstream versions add features and require new
# icedove/thunderbird versions to function.

# Therefore Debian doesn't offer official security support for this package.

Nevertheless we should fix what is easily fixable.
Cheers,
 -- Guido

Reply to:

Follow-Ups:
- Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff
  - From: Guido Günther <agx@sigxcpu.org>
- Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: <>
Next by Date: Bug#624647: pu: package akonadi/1.3.1-3+squeeze1
Previous by thread: Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff
Next by thread: Bug#619850: pu: package iceowl/1.0~b1+dfsg2-2.squeeze1.diff
Index(es):
- Date
- Thread