Hi,
Yann Leboulanger wrote (12 Dec 2012 07:57:30 GMT) :
On 12/12/2012 01:37 AM, intrigeri wrote:
Looks like this should be added to the embedded code copies list,
regardless of the minor diff:
https://wiki.debian.org/EmbeddedCodeCopies
This can also be in Gajim itself, and I'll do that for next release.
Great!
However, given this next release is highly unlikely to be in Wheezy,
it looks like Wheezy will ship with a Gajim that *has* a python-gnupg
embedded code copy -- and perhaps Squeeze has too?
Regardless of the future (much welcome!) upstream fixes, information
about the existing code duplication needs to be put on the dedicated
list, so that the security team can react appropriately in case
a security issue is discovered in the duplicated library.
(Adding secure-testing-team into the loop, keeping the unblock bug in
the Cc list too, as I doubt the package should be unblocked without
having a clear view of what's happening with the embedded
python-gnupg.)