Bug#910398: stretch-pu: package gnupg2/2.1.18-8~deb9u3
Hi,
On Sun, Oct 21, 2018 at 11:21:36AM +0000, Georg Faerber wrote:
> Hi,
>
> On 18-10-21 12:05:31, Moritz Mühlenhoff wrote:
> > That's all bugfixes related to enabling Enigmail and nothing in their
> > is itself security-related, so I think that's something for the point
> > update, not security.debian.org
>
> That's quite unfortunate to hear, and I don't share this opinion (even
> if this doesn't count in this case, I guess), for reasons outlined in
> the initial mail by dkg of this bug report in the "fixing enigmail"
> section.
>
> As of now, enigmail, which people use to secure their communication, is
> broken, therefore, IMHO, fixing it would be indeed a security fix.
>
> I spoke to quite some "end users" during the last weeks about this and
> heard the problems they've run into; personally, to not further delay
> this, I would very much appreciate if this could be handled via
> security.d.o.
Some packages can be 'fast-tracked' from proposed-updates before a
point release though still via the 'stable-updates' mechanism[1]. It
was announced back in [2], and might be an option here if the SRM can
be convinced it is needed (a.k.a if Adam gives it's okay here).
[1] https://wiki.debian.org/StableUpdates
[2] https://lists.debian.org/debian-devel-announce/2011/03/msg00010.html
Regards,
Salvatore
Reply to: