Your message dated Sat, 14 Mar 2015 10:43:18 +0100 with message-id <550402B6.7020302@thykier.net> and subject line Re: Bug#780388: RM: trafficserver/5.0.1-1 has caused the Debian Bug report #780388, regarding RM: trafficserver/5.0.1-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 780388: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780388 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Cc: 778895-submitter@bugs.debian.org, Arno Töll <arno@debian.org>
- Subject: RM: trafficserver/5.0.1-1
- From: Arnaud Fontaine <arnau@debian.org>
- Date: Fri, 13 Mar 2015 17:29:04 +0900
- Message-id: <[🔎] 87y4n1qp0v.fsf@duckcorp.org>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: rm Hello, Considering that trafficserver is currently affected by 3 security bugs (CVE-2014-3624, CVE-2014-10022 (#778895) and #749846) fixed in Sid but which was not uploaded on time to testing before the freeze, and that these bugs cannot be easily fixed, it would probably be better to remove it from testing as suggested by Arno Töll, the maintainer of trafficserver, on #778895: "However, the Release Team was uncomfortable to unblock that package (cf. #769689). I'm afraid, that we better ask for removal of that package in Testing rather than bothering with it, as we - as maintainers - cannot guarantee for the security of it already, even less so over the lifespan of a Debian Release, and upstream is moving faster than us." Thanks in advance. Regards, -- Arnaud FontaineAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Arnaud Fontaine <arnau@debian.org>, 780388-done@bugs.debian.org
- Cc: 778895-submitter@bugs.debian.org, Arno Töll <arno@debian.org>
- Subject: Re: Bug#780388: RM: trafficserver/5.0.1-1
- From: Niels Thykier <niels@thykier.net>
- Date: Sat, 14 Mar 2015 10:43:18 +0100
- Message-id: <550402B6.7020302@thykier.net>
- In-reply-to: <[🔎] 87y4n1qp0v.fsf@duckcorp.org>
- References: <[🔎] 87y4n1qp0v.fsf@duckcorp.org>
On 2015-03-13 09:29, Arnaud Fontaine wrote: > Package: release.debian.org > Severity: normal > User: release.debian.org@packages.debian.org > Usertags: rm > > Hello, > > Considering that trafficserver is currently affected by 3 security bugs > (CVE-2014-3624, CVE-2014-10022 (#778895) and #749846) fixed in Sid but > which was not uploaded on time to testing before the freeze, and that > these bugs cannot be easily fixed, it would probably be better to remove > it from testing as suggested by Arno Töll, the maintainer of > trafficserver, on #778895: > > "However, the Release Team was uncomfortable to unblock that package > (cf. #769689). I'm afraid, that we better ask for removal of that > package in Testing rather than bothering with it, as we - as > maintainers - cannot guarantee for the security of it already, even > less so over the lifespan of a Debian Release, and upstream is moving > faster than us." > > Thanks in advance. > > Regards, > Ack, I have added a removal hint for trafficserver. Hopefully things will look better for Stretch. Thanks, ~Niels
--- End Message ---