Hi release team, security team: over in #910398, i wrote: On Fri 2018-10-05 17:48:10 -0500, Daniel Kahn Gillmor wrote: > I'd like to update the version of GnuPG in debian stable with a series > of targeted bugfixes (most of which are backported from upstream). > > There are four complementary reasons, which i explain in more detail > below: > > * ptrace hardening for scdaemon > * bugfixes that target some common workflows > * updating cryptographic defaults > * fixing enigmail in stretch > > All of the patches that implement these changes have been in buster > for many months (either as upstream improvements or debian-specific > improvements). I'd appreciate some followup on this from the debian teams -- am i barking up the wrong tree? should i take a different approach? or do i (and the stretch users of enigmail) just need to wait a little while longer for review? Many thanks for your work in keeping debian stable safe, healthy, and useful. Regards, --dkg PS thanks to Georg for his testing of these changes, as noted in #910398!
Attachment:
signature.asc
Description: PGP signature