[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#859794: unblock: salt/2016.11.2+ds-1



Hi,

Am Dienstag, den 18.04.2017, 08:19 +0000 schrieb Niels Thykier:
> Moritz Muehlenhoff:
> > On Fri, Apr 07, 2017 at 02:48:50PM +0200, Benjamin Drung wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian.org@packages.debian.org
> > > Usertags: unblock
> > > 
> > > Please unblock package salt
> > > 
> > > 2016.11.2 is a bug-fix release for the 2016.11 series. It
> > > contains
> > > security fixes for CVE-2017-5192 and CVE-2017-5200.
> > 
> > So what's the plan for stretch-security? Are the salt maintainers
> > commiting
> > to preparing security updates for it's lifetime? If not (as it
> > happened for
> > jessie), stable is better off without it.
> > 
> > Cheers,
> >         Moritz
> > 
> 
> Hi Benjamin,
> 
> We are waiting for you to reply to the above mail before we can
> process
> this unblock request.

The jessie release predates my involvement in maintaining salt. I just
looked at the open security issues for jessie and send a debdiff to the
security team to fix most of them (one isn't easy to backport).

I will do my best to prepare security updates for stretch's lifetime.
Upstream will probably support the 2016.11 branch for one year or
longer. After that, backports should be doable for most issues.

-- 
Benjamin Drung
System Developer
Debian & Ubuntu Developer

ProfitBricks GmbH
Greifswalder Str. 207
D - 10405 Berlin

Email: benjamin.drung@profitbricks.com
URL:  http://www.profitbricks.com

Sitz der Gesellschaft: Berlin.
Registergericht: Amtsgericht Charlottenburg, HRB 125506B.
Geschäftsführer: Andreas Gauger, Achim Weiss.


Reply to: