Hi release team, security team:
over in #910398, i wrote:
On Fri 2018-10-05 17:48:10 -0500, Daniel Kahn Gillmor wrote:
> I'd like to update the version of GnuPG in debian stable with a series
> of targeted bugfixes (most of which are backported from upstream).
>
> There are four complementary reasons, which i explain in more detail
> below:
>
> * ptrace hardening for scdaemon
> * bugfixes that target some common workflows
> * updating cryptographic defaults
> * fixing enigmail in stretch
>
> All of the patches that implement these changes have been in buster
> for many months (either as upstream improvements or debian-specific
> improvements).
I'd appreciate some followup on this from the debian teams -- am i
barking up the wrong tree? should i take a different approach? or do i
(and the stretch users of enigmail) just need to wait a little while
longer for review?
Many thanks for your work in keeping debian stable safe, healthy, and
useful.
Regards,
--dkg
PS thanks to Georg for his testing of these changes, as noted in
#910398!
Attachment:
signature.asc
Description: PGP signature